xxchan commented on code in PR #1241: URL: https://github.com/apache/iceberg-rust/pull/1241#discussion_r2063859896
########## crates/catalog/rest/src/client.rs: ########## @@ -220,6 +225,39 @@ impl HttpClient { /// Executes the given `Request` and returns a `Response`. pub async fn execute(&self, mut request: Request) -> Result<Response> { request.headers_mut().extend(self.extra_headers.clone()); + + if let Some((loader, signer)) = &self.signer { + match loader.load().await { + Ok(Some(credential)) => { + const EMPTY_STRING_SHA256: &str = + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"; + request.headers_mut().insert( + "x-amz-content-sha256", + HeaderValue::from_str(EMPTY_STRING_SHA256).unwrap(), + ); Review Comment: By default, `reqsign` will fill `x-amz-content-sha256=UNSIGNED-PAYLOAD`. If signing request body is needed, caller should fill a `x-amz-content-sha256` themselves. `UNSIGNED-PAYLOAD` works for s3, but it seems not working for `s3tables`. Therefore, I tried to include `SHA256("")= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`, and it works.. I also not sure if this is the most correct way, whether we should support this natively in `reqsign`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org