@@ -46,19 +46,6 @@ public class Signer {
4646 // URLs (that are executed by other agents) or when customers pass requests through proxies, which
4747 // may modify the user-agent.
4848 //
49- // * Content-Length
50- // This is ignored from signing because generating a pre-signed URL should not provide a
51- // content-length constraint, specifically when vending a S3 pre-signed PUT URL. The corollary to
52- // this is that when sending regular requests (non-pre-signed), the signature contains a checksum
53- // of the body, which implicitly validates the payload length (since changing the number of bytes
54- // would change the checksum) and therefore this header is not valuable in the signature.
55- //
56- // * Content-Type
57- // Signing this header causes quite a number of problems in browser environments, where browsers
58- // like to modify and normalize the content-type header in different ways. There is more
59- // information on this in https://github.com/aws/aws-sdk-js/issues/244. Avoiding this field
60- // simplifies logic and reduces the possibility of future bugs.
61- //
6249 // * Authorization
6350 // Is skipped for obvious reasons.
6451 //
@@ -67,14 +54,11 @@ public class Signer {
6754 // calculation.
6855 //
6956 private static final Set <String > IGNORED_HEADERS =
70- ImmutableSet .of (
71- "accept-encoding" , "authorization" , "content-type" , "content-length" , "user-agent" );
57+ ImmutableSet .of ("accept-encoding" , "authorization" , "user-agent" );
7258 private static final Set <String > PRESIGN_IGNORED_HEADERS =
7359 ImmutableSet .of (
7460 "accept-encoding" ,
7561 "authorization" ,
76- "content-type" ,
77- "content-length" ,
7862 "user-agent" ,
7963 "content-md5" ,
8064 "x-amz-content-sha256" ,
0 commit comments