1package v4
 2
 3// IgnoredHeaders is a list of headers that are ignored during signing
 4var IgnoredHeaders = Rules{
 5	ExcludeList{
 6		MapRule{
 7			"Authorization":   struct{}{},
 8			"User-Agent":      struct{}{},
 9			"X-Amzn-Trace-Id": struct{}{},
10			"Expect":          struct{}{},
11		},
12	},
13}
14
15// RequiredSignedHeaders is a allow list for Build canonical headers.
16var RequiredSignedHeaders = Rules{
17	AllowList{
18		MapRule{
19			"Cache-Control":                         struct{}{},
20			"Content-Disposition":                   struct{}{},
21			"Content-Encoding":                      struct{}{},
22			"Content-Language":                      struct{}{},
23			"Content-Md5":                           struct{}{},
24			"Content-Type":                          struct{}{},
25			"Expires":                               struct{}{},
26			"If-Match":                              struct{}{},
27			"If-Modified-Since":                     struct{}{},
28			"If-None-Match":                         struct{}{},
29			"If-Unmodified-Since":                   struct{}{},
30			"Range":                                 struct{}{},
31			"X-Amz-Acl":                             struct{}{},
32			"X-Amz-Copy-Source":                     struct{}{},
33			"X-Amz-Copy-Source-If-Match":            struct{}{},
34			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
35			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
36			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
37			"X-Amz-Copy-Source-Range":               struct{}{},
38			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
39			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
40			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
41			"X-Amz-Grant-Full-control":                                    struct{}{},
42			"X-Amz-Grant-Read":                                            struct{}{},
43			"X-Amz-Grant-Read-Acp":                                        struct{}{},
44			"X-Amz-Grant-Write":                                           struct{}{},
45			"X-Amz-Grant-Write-Acp":                                       struct{}{},
46			"X-Amz-Metadata-Directive":                                    struct{}{},
47			"X-Amz-Mfa":                                                   struct{}{},
48			"X-Amz-Request-Payer":                                         struct{}{},
49			"X-Amz-Server-Side-Encryption":                                struct{}{},
50			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
51			"X-Amz-Server-Side-Encryption-Context":                        struct{}{},
52			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
53			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
54			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
55			"X-Amz-Storage-Class":                                         struct{}{},
56			"X-Amz-Website-Redirect-Location":                             struct{}{},
57			"X-Amz-Content-Sha256":                                        struct{}{},
58			"X-Amz-Tagging":                                               struct{}{},
59		},
60	},
61	Patterns{"X-Amz-Object-Lock-"},
62	Patterns{"X-Amz-Meta-"},
63}
64
65// AllowedQueryHoisting is a allowed list for Build query headers. The boolean value
66// represents whether or not it is a pattern.
67var AllowedQueryHoisting = InclusiveRules{
68	ExcludeList{RequiredSignedHeaders},
69	Patterns{"X-Amz-"},
70}