steveloughran commented on PR #15171: URL: https://github.com/apache/iceberg/pull/15171#issuecomment-4006502947
@danielcweeks my PR #15428 extends this PR with more tests of caching working. There is one alternative design which I propose there: when the client gets a cache-control: true response, it must parse the authorization header to identify the enumerated headers, and only include those in the cache. When the client has a request to sign, it does a lookup of the (method, uri, region) but doesn't treat a hit as sufficient. it has to check all the signed headers to verify that they are unchanged before reusing the signature. This meets your "server decides what to sign" requirement, but also satisfies amazon's requirement that "all signed headers must be valid". Currently that doesn't reliably hold. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
