fix(s3-request-presigner): remove x-amz-user-agent header (#2493)

aws · Jun 17, 2021 · 019292b · 019292b
1 parent 5e0a46a
commit 019292b
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/packages/s3-request-presigner/src/getSignedUrl.spec.ts b/packages/s3-request-presigner/src/getSignedUrl.spec.ts
@@ -111,4 +111,25 @@ describe("getSignedUrl", () => {
     const commands = [command, command];
     return expect(Promise.all(commands.map((command) => getSignedUrl(client, command)))).resolves.toBeInstanceOf(Array);
   });
+
+  it.each(["amz-sdk-invocation-id", "amz-sdk-request", "x-amz-user-agent"])(
+    "should delete '%s' header",
+    async (header) => {
+      const client = new S3Client(clientParams);
+      const command = new GetObjectCommand({
+        Bucket: "Bucket",
+        Key: "Key",
+      });
+      command.middlewareStack.add(
+        (next) => (args) => {
+          (args.request ?? {})[header] = "foo";
+          return next(args);
+        },
+        { step: "serialize", priority: "low" }
+      );
+      await getSignedUrl(client, command);
+      expect(mockPresign).toBeCalled();
+      expect(mockPresign.mock.calls[0][0].headers[header]).toBeUndefined();
+    }
+  );
 });
diff --git a/packages/s3-request-presigner/src/getSignedUrl.ts b/packages/s3-request-presigner/src/getSignedUrl.ts
@@ -24,6 +24,8 @@ export const getSignedUrl = async <
       // Retry information headers are not meaningful in presigned URLs
       delete request.headers["amz-sdk-invocation-id"];
       delete request.headers["amz-sdk-request"];
+      // User agent header would leak sensitive information
+      delete request.headers["x-amz-user-agent"];
 
       const presigned = await s3Presigner.presign(request, {
         ...options,