fix(signature-v4): add hoistable headers config

Author: kuhe

.changeset/happy-emus-crash.md

@@ -0,0 +1,6 @@
+---
+"@smithy/signature-v4": minor
+"@smithy/types": minor
+---
+
+configurable hoisted headers

packages/signature-v4/src/SignatureV4.ts

@@ -131,6 +131,7 @@ export class SignatureV4 implements RequestPresigner, RequestSigner, StringSigne
       unsignableHeaders,
       unhoistableHeaders,
       signableHeaders,
+      hoistableHeaders,
       signingRegion,
       signingService,
     } = options;
@@ -146,7 +147,7 @@ export class SignatureV4 implements RequestPresigner, RequestSigner, StringSigne
     }
 
     const scope = createScope(shortDate, region, signingService ?? this.service);
-    const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders });
+    const request = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders, hoistableHeaders });
 
     if (credentials.sessionToken) {
       request.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;

packages/signature-v4/src/moveHeadersToQuery.spec.ts

@@ -99,4 +99,36 @@ describe("moveHeadersToQuery", () => {
       SNAP: "crackle, pop",
     });
   });
+
+  it("should obey hoistableHeaders configuration over unhoistableHeaders", () => {
+    const req = moveHeadersToQuery(
+      new HttpRequest({
+        ...minimalRequest,
+        headers: {
+          Host: "www.example.com",
+          "X-Amz-Website-Redirect-Location": "/index.html",
+          Foo: "bar",
+          fizz: "buzz",
+          SNAP: "crackle, pop",
+          "X-Amz-Storage-Class": "STANDARD_IA",
+        },
+      }),
+      {
+        hoistableHeaders: new Set(["x-amz-website-redirect-location", "snap"]),
+        unhoistableHeaders: new Set(["x-amz-website-redirect-location"]),
+      }
+    );
+
+    expect(req.query).toEqual({
+      SNAP: "crackle, pop",
+      "X-Amz-Storage-Class": "STANDARD_IA",
+      "X-Amz-Website-Redirect-Location": "/index.html",
+    });
+
+    expect(req.headers).toEqual({
+      Host: "www.example.com",
+      Foo: "bar",
+      fizz: "buzz",
+    });
+  });
 });

packages/signature-v4/src/moveHeadersToQuery.ts

@@ -6,12 +6,15 @@ import type { HttpRequest as IHttpRequest, QueryParameterBag } from "@smithy/typ
  */
 export const moveHeadersToQuery = (
   request: IHttpRequest,
-  options: { unhoistableHeaders?: Set<string> } = {}
+  options: { unhoistableHeaders?: Set<string>; hoistableHeaders?: Set<string> } = {}
 ): IHttpRequest & { query: QueryParameterBag } => {
   const { headers, query = {} as QueryParameterBag } = HttpRequest.clone(request);
   for (const name of Object.keys(headers)) {
     const lname = name.toLowerCase();
-    if (lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname)) {
+    if (
+      (lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname)) ||
+      options.hoistableHeaders?.has(lname)
+    ) {
       query[name] = headers[name];
       delete headers[name];
     }

packages/types/src/signature.ts

@@ -75,6 +75,12 @@ export interface RequestPresigningArguments extends RequestSigningArguments {
    * lower case and then checked for existence in the unhoistableHeaders set.
    */
   unhoistableHeaders?: Set<string>;
+
+  /**
+   * This overrides any values set by unhoistableHeaders.
+   * These headers will be hoisted into the query string and signed.
+   */
+  hoistableHeaders?: Set<string>;
 }
 
 /**