steveloughran commented on PR #15428: URL: https://github.com/apache/iceberg/pull/15428#issuecomment-3959246863
I don't like that the server client needs to guess which headers in a new request are excluded from the sign and hence safe to cache. Change encryption for example and everything blows up with a signing failure. Either the signer should parse and cache the header list from the signature, or (slightly better) the rest servlet should return that list independently. The signer can then use that header list in the cache information to decide whether to reuse. Simplest strategy: include the list of headers alongside the signature, and if changed, don't use the cache value. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
