Describe the bug
In REDCap's use of aws-sdk-php I found the client's header 'x-amz-user-agent' not being blacklisted in ./src/Signature/SignatureV4.php's function getHeaderBlacklist() and therefore authorization not working due to case sensitivity not matching 'X-Amz-User-Agent'. All of the other items in the blacklist are lowercase; shouldn't 'X-Amz-User-Agent' be as well? Or should the blacklist include both 'X-Amz-User-Agent' and 'x-amz-user-agent'?
Regression Issue
Expected Behavior
The all-lowercase 'x-amz-user-agent' should be blacklisted
Current Behavior
'x-amz-user-agent' is not blacklisted, for example see the authorization header:
{
host: '192.168.90.202:8080',
'x-amz-acl': 'private',
'x-amz-user-agent': '',
'x-amz-checksum-crc32': '2H9+DA==',
'content-type': 'application/octet-stream',
'aws-sdk-invocation-id': 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'aws-sdk-retry': '0/0',
'x-amz-content-sha256': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'x-amz-date': '20260415T133811Z',
authorization: 'AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXXXXXXXXXX/20260415/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-acl;x-amz-checksum-crc32;x-amz-content-sha256;x-amz-date;x-amz-user-agent, Signature=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'user-agent': 'aws-sdk-php/3.374.0 ua/2.1 OS/Linux#6.12.0-124.47.1.el10_1.x86_64 lang/php#8.3.29 m/P,Z,U,e,N,b GuzzleHttp/7',
'content-length': '4'
}
Reproduction Steps
Attempt to use REDCap's S3 implementation with an S3 endpoint and debug the reason the signature isn't working
Possible Solution
Add both 'x-amz-user-agent' and 'X-Amz-User-Agent' if needed
Additional Information/Context
No response
SDK version used
3.374.0
Environment details (Version of PHP (php -v)? OS name and version, etc.)
PHP 8.3.29
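The lookup mismatch reported above, as an added example that is not part of the original issue and is not the SDK's own code: a simplified model of choosing SignedHeaders against a blacklist. The function names, the blacklist subset (inferred from which headers are missing from SignedHeaders in the dump) and the lower-casing of names before lookup are assumptions.

```php
<?php
// Added illustration: a simplified model, not the SDK's SignatureV4 code.

/** Blacklist shaped as the report describes: lower-case names plus one mixed-case entry. */
function reportedBlacklist(): array
{
    return [
        'content-type'          => true,
        'content-length'        => true,
        'user-agent'            => true,
        'X-Amz-User-Agent'      => true, // the entry the report questions
        'aws-sdk-invocation-id' => true,
        'aws-sdk-retry'         => true,
    ];
}

/** Build the SignedHeaders value for $headers, skipping names found in $blacklist. */
function signedHeaders(array $headers, array $blacklist): string
{
    $signed = [];
    foreach (array_keys($headers) as $name) {
        $key = strtolower($name);      // assumption: names are lower-cased before lookup
        if (isset($blacklist[$key])) { // PHP array keys are compared case-sensitively
            continue;
        }
        $signed[$key] = true;
    }
    ksort($signed);                    // SigV4 lists signed header names in sorted order
    return implode(';', array_keys($signed));
}

// Header names taken from the dump in the report (values do not matter here).
$headers = array_fill_keys([
    'host', 'x-amz-acl', 'x-amz-user-agent', 'x-amz-checksum-crc32', 'content-type',
    'aws-sdk-invocation-id', 'aws-sdk-retry', 'x-amz-content-sha256', 'x-amz-date',
    'user-agent', 'content-length',
], '');

// As reported: the mixed-case entry never matches the lower-cased header name,
// so x-amz-user-agent stays in the signed set.
echo signedHeaders($headers, reportedBlacklist()), PHP_EOL;

// Normalized: lower-casing the blacklist keys makes the lookup case-insensitive,
// so x-amz-user-agent is excluded from the signed set.
echo signedHeaders($headers, array_change_key_case(reportedBlacklist(), CASE_LOWER)), PHP_EOL;
```

Normalizing the blacklist keys once covers any mixed-case entry, so a second spelling of the same header name does not have to be listed.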