Presigner Host Injection accesses an invalid property #2725
Labels
bug
This issue is a bug.
closed-for-staleness
response-requested
Waiting on additional info and feedback. Will move to \"closing-soon\" in 7 days.
Describe the bug
The bug exists in the
s3-request-presigner
package. Specifically, attempting to presign an existing request usingpresigner.presign(request)
fails with a string error (cannot trim undefined).This is caused by the
SignatureV4
module attempting to access thehost
header, which does not exist. Issue #1988 addressed this and a PR was implemented to fill thehost
header automatically from thehostname
property of the request. However, this fix introduces a bug as the property path is invalid.While the fix retrieves the host header from the
.hostname
property of anHttpRequest
object, this property path actually does not exist; the correct property path is.endpoint.hostname
. Simply changing it to this or adding a|| .endpoint.hostname
would work here.The line to fix:
aws-sdk-js-v3/packages/s3-request-presigner/src/presigner.ts
Line 47 in 648a41a
A temporary workaround for others is to inject the
.hostname
property into the request before presigning. The above fix will then retrieve the.hostname
property to populate the host header.A similar bug occurs with the protocol which is sometimes undefined, resulting in presigned urls that begin with
undefined//
.Your environment
Node.js 16.4.0
SDK version number
@aws-sdk/s3-request-presigner@3.28.0
Is the issue in the browser/Node.js/ReactNative?
Node.js
Details of the browser/Node.js/ReactNative version
v16.4.0
Steps to reproduce
Observed behavior
Error:
While the error message refers to Signaturev4, the issue is actually in
s3-request-presigner
as described above.The text was updated successfully, but these errors were encountered: