mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2025-09-23 04:53:32 +08:00
skip headers when signing a request
Some checks failed
go: build dev binaries / cleanup (push) Has been cancelled
docker: build dev containers / build-dev-containers (push) Has been cancelled
End to End / FUSE Mount (push) Has been cancelled
go: build binary / Build (push) Has been cancelled
Ceph S3 tests / Ceph S3 tests (push) Has been cancelled
go: build dev binaries / build_dev_linux_windows (amd64, linux) (push) Has been cancelled
go: build dev binaries / build_dev_linux_windows (amd64, windows) (push) Has been cancelled
go: build dev binaries / build_dev_darwin (amd64, darwin) (push) Has been cancelled
go: build dev binaries / build_dev_darwin (arm64, darwin) (push) Has been cancelled
Some checks failed
go: build dev binaries / cleanup (push) Has been cancelled
docker: build dev containers / build-dev-containers (push) Has been cancelled
End to End / FUSE Mount (push) Has been cancelled
go: build binary / Build (push) Has been cancelled
Ceph S3 tests / Ceph S3 tests (push) Has been cancelled
go: build dev binaries / build_dev_linux_windows (amd64, linux) (push) Has been cancelled
go: build dev binaries / build_dev_linux_windows (amd64, windows) (push) Has been cancelled
go: build dev binaries / build_dev_darwin (amd64, darwin) (push) Has been cancelled
go: build dev binaries / build_dev_darwin (arm64, darwin) (push) Has been cancelled
fix https://github.com/seaweedfs/seaweedfs/issues/6576#issuecomment-2724577279
This commit is contained in:
chrislu
@@ -62,6 +62,19 @@ const (
|
||||
streamingUnsignedPayload = "STREAMING-UNSIGNED-PAYLOAD-TRAILER"
|
||||
)
|
||||
|
||||
// AWS S3 authentication headers that should be skipped when signing the request
|
||||
// https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
|
||||
var awsS3AuthHeaders = map[string]struct{}{
|
||||
"x-amz-content-sha256": {},
|
||||
"x-amz-security-token": {},
|
||||
"x-amz-algorithm": {},
|
||||
"x-amz-date": {},
|
||||
"x-amz-expires": {},
|
||||
"x-amz-signedheaders": {},
|
||||
"x-amz-credential": {},
|
||||
"x-amz-signature": {},
|
||||
}
|
||||
|
||||
// Returns SHA256 for calculating canonical-request.
|
||||
func getContentSha256Cksum(r *http.Request) string {
|
||||
var (
|
||||
@@ -424,15 +437,11 @@ func (iam *IdentityAccessManagement) doesPresignedSignatureMatch(hashedPayload s
|
||||
|
||||
// Save other headers available in the request parameters.
|
||||
for k, v := range req.URL.Query() {
|
||||
|
||||
// Handle the metadata in presigned put query string
|
||||
if strings.Contains(strings.ToLower(k), "x-amz-meta-") {
|
||||
query.Set(k, v[0])
|
||||
}
|
||||
|
||||
if strings.HasPrefix(strings.ToLower(k), "x-amz") {
|
||||
// Skip AWS S3 authentication headers
|
||||
if _, ok := awsS3AuthHeaders[strings.ToLower(k)]; ok {
|
||||
continue
|
||||
}
|
||||
|
||||
query[k] = v
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user