docs(hmac-auth): include Digest header in signed headers for body validation example#13421
Open
moying2026 wants to merge 2 commits into
Open
docs(hmac-auth): include Digest header in signed headers for body validation example#13421moying2026 wants to merge 2 commits into
moying2026 wants to merge 2 commits into
Conversation
dosubot
Bot
added
size:S
moying2026
force-pushed
the
auto/issue-13395
branch
from
18e7638 to
9801d40
Compare
dosubot
Bot
added
size:M
moying2026
force-pushed
the
auto/issue-13395
branch
from
9801d40 to
773fda8
Compare
dosubot
Bot
added
size:S
dosubot
Bot
added
size:XXL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #13395\n\nThis PR improves the body validation example in the hmac-auth documentation. Currently, the example computes and sends a Digest header but does not include it in the signed headers list, which could mislead readers about how to properly bind the request body to the HMAC signature.\n\nChanges:\n- Add a note clarifying that validate_request_body alone does not bind the Digest header to the signature\n- Update the Python example to compute the body digest before building the signing string\n- Include the Digest header in both the signing string and the headers list in Authorization\n- Adjust the signing string construction order to match the updated headers list\n\nThis is a docs-only change with no code modifications.