From 28de5bbe86b0bd73e3b0f1450732a7bdbceaf3bd Mon Sep 17 00:00:00 2001 From: chrislu Date: Tue, 15 Jul 2025 08:30:14 -0700 Subject: [PATCH] fix --- weed/s3api/auth_signature_v4.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/weed/s3api/auth_signature_v4.go b/weed/s3api/auth_signature_v4.go index 9b2134f0b..74b6eaba6 100644 --- a/weed/s3api/auth_signature_v4.go +++ b/weed/s3api/auth_signature_v4.go @@ -271,8 +271,10 @@ func (iam *IdentityAccessManagement) doesPresignedSignatureMatch(hashedPayload s extractedSignedHeaders := make(http.Header) for _, header := range signedHeaders { if header == "host" { - extractedSignedHeaders.Set("host", r.Host) - } else if values := r.Header[http.CanonicalHeaderKey(header)]; len(values) > 0 { + extractedSignedHeaders[header] = []string{r.Host} + continue + } + if values := r.Header[http.CanonicalHeaderKey(header)]; len(values) > 0 { extractedSignedHeaders[http.CanonicalHeaderKey(header)] = values } } @@ -433,10 +435,9 @@ func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header, } // For all other headers we need to find them in the HTTP headers and copy them over. // We skip non-existent headers to be compatible with AWS signatures. - if _, ok := reqHeaders[http.CanonicalHeaderKey(header)]; !ok { - continue + if values, ok := reqHeaders[http.CanonicalHeaderKey(header)]; ok { + extractedSignedHeaders[header] = values } - extractedSignedHeaders[header] = reqHeaders[http.CanonicalHeaderKey(header)] } return extractedSignedHeaders, s3err.ErrNone } @@ -588,11 +589,11 @@ func encodePath(pathName string) string { case '-', '_', '.', '~', '/': // ยง2.3 Unreserved characters (mark) encodedPathname = encodedPathname + string(s) default: - len := utf8.RuneLen(s) - if len < 0 { + runeLen := utf8.RuneLen(s) + if runeLen < 0 { return pathName } - u := make([]byte, len) + u := make([]byte, runeLen) utf8.EncodeRune(u, s) for _, r := range u { hex := hex.EncodeToString([]byte{r})