Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

s3: do not persist multi part "Response-Content-Disposition" in request header (#7887) 

* fix: support standard HTTP headers in S3 multipart upload

* fix(s3api): validate standard HTTP headers correctly and avoid persisting Response-Content-Disposition

---------

Co-authored-by: steve.wei <coderushing@gmail.com>
pull/7889/head
Chris Lu 2 days ago
committed by GitHub
parent
f07ba2c5aa
commit
82dac3df03
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      weed/s3api/s3_metadata_util.go
  2. 10
      weed/s3api/s3api_object_handlers_multipart.go

7
weed/s3api/s3_metadata_util.go
View File

@ -47,11 +47,8 @@ func ParseS3Metadata(r *http.Request, existing map[string][]byte, isReplace bool
}
}
// Handle Response-Content-Disposition (used in presigned URLs)
// This should be stored as Content-Disposition
if rcd := r.Header.Get("Response-Content-Disposition"); rcd != "" {
metadata["Content-Disposition"] = []byte(rcd)
}
// Do NOT persist Response-Content-Disposition: it is a GET-only
// presigned-download override and must not be stored as upload metadata.
// Object tagging
if tags := r.Header.Get(s3_constants.AmzObjectTagging); tags != "" {

10
weed/s3api/s3api_object_handlers_multipart.go
View File

@ -67,16 +67,16 @@ func (s3a *S3ApiServer) NewMultipartUploadHandler(w http.ResponseWriter, r *http
}
// Validate Cache-Control header format if present
if r.Header.Get("Cache-Control") != "" {
if _, err := cacheobject.ParseRequestCacheControl(r.Header.Get("Cache-Control")); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidDigest)
if cacheControl := r.Header.Get("Cache-Control"); cacheControl != "" {
if _, err := cacheobject.ParseRequestCacheControl(cacheControl); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
}
// Validate Expires header format if present
if r.Header.Get("Expires") != "" {
if _, err := time.Parse(http.TimeFormat, r.Header.Get("Expires")); err != nil {
if expires := r.Header.Get("Expires"); expires != "" {
if _, err := time.Parse(http.TimeFormat, expires); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrMalformedDate)
return
}

Write Preview
Loading…
Cancel
Save