fix(core): make Signer.sign side-effect-ful

the previous Signer.sign() implementation not only returns signed request, but also sets the signed headers to input request. The recent refactor makes it side-effect-less. However this change breaks RestClient.ajax() clock skew correction which relies on the x-amz-date header set by signer to the input request object to indicate the current client side time. this fix resolves aws-amplify#11480
AllanZhengYP · Jun 14, 2023 · 709c4a5 · 709c4a5
1 parent 08fc7ee
commit 709c4a5
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/packages/core/__tests__/Signer-test.ts b/packages/core/__tests__/Signer-test.ts
@@ -125,6 +125,26 @@ describe('Signer.sign', () => {
 			)
 		);
 	});
+
+	test("should add signed request's headers to input request", () => {
+		const request = getDefaultRequest();
+		const signedRequest = Signer.sign(request, credentialsWithToken, {
+			region: 'us-east-1',
+			service: 'foo',
+		});
+		expect(signedRequest.headers).toEqual(
+			expect.objectContaining({
+				'x-amz-date': expect.any(String),
+				Authorization: expect.any(String),
+			})
+		);
+		expect(request.headers).toEqual(
+			expect.objectContaining({
+				'x-amz-date': expect.any(String),
+				Authorization: expect.any(String),
+			})
+		);
+	});
 });
 
 describe('Signer.signUrl', () => {

diff --git a/packages/core/src/Signer.ts b/packages/core/src/Signer.ts
@@ -76,6 +76,12 @@ export class Signer {
 			signedRequest.headers['x-amz-security-token'];
 		delete signedRequest.headers.authorization;
 		delete signedRequest.headers['x-amz-security-token'];
+
+		// For parity with previous signer implementation, add side effect to update the original request's headers with
+		// signed request's headers. This should be removed in future. Api-rest category's REST client relies on this behavior
+		// to correct clock skew.
+		Object.assign(request.headers, signedRequest.headers);
+
 		return signedRequest;
 	}