@@ -239,7 +239,12 @@ def _test_blocklist_header(self, header, value):
239239 )
240240 auth = self .AuthClass (credentials , 's3' , 'us-east-1' )
241241 auth .add_auth (request )
242- self .assertNotIn (header , request .headers ['Authorization' ])
242+ signed_headers = (
243+ request .headers ['Authorization' ]
244+ .split ('SignedHeaders=' , 1 )[1 ]
245+ .split (',' , 1 )[0 ]
246+ )
247+ self .assertNotIn (header .lower (), signed_headers .split (';' ))
243248
244249 def test_blocklist_expect_headers (self ):
245250 self ._test_blocklist_header ('expect' , '100-continue' )
@@ -255,6 +260,31 @@ def test_blocklist_user_agent_header(self):
255260 def test_blocklist_transfer_encoding_header (self ):
256261 self ._test_blocklist_header ('transfer-encoding' , 'chunked' )
257262
263+ def test_blocklist_connection_header (self ):
264+ self ._test_blocklist_header ('connection' , 'keep-alive' )
265+
266+ def test_blocklist_keep_alive_header (self ):
267+ self ._test_blocklist_header ('keep-alive' , 'timeout=5' )
268+
269+ def test_blocklist_proxy_authenticate_header (self ):
270+ self ._test_blocklist_header (
271+ 'proxy-authenticate' , 'Basic realm="proxy.example.com"'
272+ )
273+
274+ def test_blocklist_proxy_authorization_header (self ):
275+ self ._test_blocklist_header (
276+ 'proxy-authorization' , 'Basic YWxhZGRpbjpvcGVuc2VzYW1l'
277+ )
278+
279+ def test_blocklist_te_header (self ):
280+ self ._test_blocklist_header ('te' , 'trailers' )
281+
282+ def test_blocklist_trailer_header (self ):
283+ self ._test_blocklist_header ('trailer' , 'x-amz-checksum-sha256' )
284+
285+ def test_blocklist_upgrade_header (self ):
286+ self ._test_blocklist_header ('upgrade' , 'websocket' )
287+
258288 def test_uses_sha256_if_config_value_is_true (self ):
259289 self .client_config .s3 ['payload_signing_enabled' ] = True
260290 self .auth .add_auth (self .request )
0 commit comments