From 201fc8fd4de689a6167763e1d153e8667eb0373c Mon Sep 17 00:00:00 2001
From: Lauren Voswinkel <lvoswinkel@hashicorp.com>
Date: Tue, 22 Sep 2020 10:02:37 -0700
Subject: [PATCH] Add content-sha256 as a default allowed STS header (#10009)

Also, alphabetize those headers... just because.
---
 builtin/credential/aws/backend.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/aws/backend.go b/builtin/credential/aws/backend.go
index 784495d8a..9d5e1661d 100644
--- a/builtin/credential/aws/backend.go
+++ b/builtin/credential/aws/backend.go
@@ -20,10 +20,11 @@ import (
 const amzHeaderPrefix = "X-Amz-"
 
 var defaultAllowedSTSRequestHeaders = []string{
-	"X-Amz-Date",
-	"X-Amz-Credential",
-	"X-Amz-Security-Token",
 	"X-Amz-Algorithm",
+	"X-Amz-Content-Sha256",
+	"X-Amz-Credential",
+	"X-Amz-Date",
+	"X-Amz-Security-Token",
 	"X-Amz-Signature",
 	"X-Amz-SignedHeaders"}