Signing URLs with explicit ports

[khanlou]

Great library, definitely gets the job done for us! We've vendored it and noticed an issue with how this code interacts with URLSession.

When signing a url (e.g., for S3) with a port in it, such as https://s3.amazonaws.com:443/bucket... the signature will be computed with the port. However, when requesting the content of that URL with URLSession (or Data(contentsOf:)), the port is stripped out, and the signature is no longer correct, and AWS returns a 403.

We're currently playing with a few solutions, including stripping the port before signing.

[adam-fowler]

Oh I had to do some similar work in Soto the Swift AWS SDK. Don't think I ported the changes to aws-signer-v4. You might be better using the signer from SotoCore that is guaranteed to be kept up to date.

[khanlou]

Looks like that's here?

https://github.com/soto-project/soto-core/blob/main/Sources/SotoSignerV4/signer.swift#L340-L349

[adam-fowler]

Yep that'd be it

[khanlou]

Okay, cool. Feel free to close this issue or address it, we'll fix on our side!

[adam-fowler]

I'll leave it open, to remind me to fix it.