ryanfowler · ryanfowler · May 26, 2026 · May 26, 2026
@@ -207,6 +207,16 @@ pub async fn execute(cli: &Cli) -> Result<i32, FetchError> {
             if !auth_allowed {
                 strip_cross_origin_sensitive_headers(&mut attempt_headers);
             }
+            if auth_allowed && let Some(config) = &aws_config {
+                apply_aws_sigv4(
+                    cli,
+                    request_method.as_str(),
+                    &request_url,
+                    &mut attempt_headers,
+                    &request_body,
+                    config,
+                )?;
+            }
             if cli.verbose >= 2 && !cli.silent {
                 print_request_metadata(
                     cli,
@@ -226,16 +236,6 @@ pub async fn execute(cli: &Cli) -> Result<i32, FetchError> {
             {
                 print_dns_debug(cli, dns);
             }
-            if auth_allowed && let Some(config) = &aws_config {
-                apply_aws_sigv4(
-                    cli,
-                    request_method.as_str(),
-                    &request_url,
-                    &mut attempt_headers,
-                    &request_body,
-                    config,
-                )?;
-            }
 
             let req = build_request(
                 &request_client.client,

@@ -2779,13 +2779,20 @@ fn basic_bearer_and_aws_auth_headers() {
             &format!("{}/aws", server.url),
             "--aws-sigv4",
             "us-east-1/s3",
+            "-vv",
         ],
     );
     assert_exit(&res, 0);
     assert_eq!(
         res.stdout,
         "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
     );
+    assert!(res.stderr.contains("> authorization: AWS4-HMAC-SHA256 "));
+    assert!(res.stderr.contains("> x-amz-date: "));
+    assert!(res.stderr.contains("> x-amz-security-token: session-token"));
+    assert!(res.stderr.contains(
+        "> x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+    ));
 }
 
 #[test]