botocore/crt/auth.py [150:193]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - _USE_DOUBLE_URI_ENCODE = False _SHOULD_NORMALIZE_URI_PATH = False def _get_existing_sha256(self, request): # always recalculate return None def _should_sha256_sign_payload(self, request): # S3 allows optional body signing, so to minimize the performance # impact, we opt to not SHA256 sign the body on streaming uploads, # provided that we're on https. client_config = request.context.get('client_config') s3_config = getattr(client_config, 's3', None) # The config could be None if it isn't set, or if the customer sets it # to None. if s3_config is None: s3_config = {} # The explicit configuration takes precedence over any implicit # configuration. sign_payload = s3_config.get('payload_signing_enabled', None) if sign_payload is not None: return sign_payload # We require that both content-md5 be present and https be enabled # to implicitly disable body signing. The combination of TLS and # content-md5 is sufficiently secure and durable for us to be # confident in the request without body signing. if not request.url.startswith('https') or \ 'Content-MD5' not in request.headers: return True # If the input is streaming we disable body signing by default. if request.context.get('has_streaming_input', False): return False # If the S3-specific checks had no results, delegate to the generic # checks. return super()._should_sha256_sign_payload(request) def _should_add_content_sha256_header(self, explicit_payload): # Always add X-Amz-Content-SHA256 header return True - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - botocore/crt/auth.py [333:376]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - _USE_DOUBLE_URI_ENCODE = False _SHOULD_NORMALIZE_URI_PATH = False def _get_existing_sha256(self, request): # always recalculate return None def _should_sha256_sign_payload(self, request): # S3 allows optional body signing, so to minimize the performance # impact, we opt to not SHA256 sign the body on streaming uploads, # provided that we're on https. client_config = request.context.get('client_config') s3_config = getattr(client_config, 's3', None) # The config could be None if it isn't set, or if the customer sets it # to None. if s3_config is None: s3_config = {} # The explicit configuration takes precedence over any implicit # configuration. sign_payload = s3_config.get('payload_signing_enabled', None) if sign_payload is not None: return sign_payload # We require that both content-md5 be present and https be enabled # to implicitly disable body signing. The combination of TLS and # content-md5 is sufficiently secure and durable for us to be # confident in the request without body signing. if not request.url.startswith('https') or \ 'Content-MD5' not in request.headers: return True # If the input is streaming we disable body signing by default. if request.context.get('has_streaming_input', False): return False # If the S3-specific checks had no results, delegate to the generic # checks. return super()._should_sha256_sign_payload(request) def _should_add_content_sha256_header(self, explicit_payload): # Always add X-Amz-Content-SHA256 header return True - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -