Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SSE-C is mutually exclusive with SSE-S3 and SSE-KMS

pull/7480/head
chrislu 3 weeks ago
parent
2182d2224e
commit
8425fc0fe7
1 changed files with 4 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      weed/s3api/s3api_object_handlers.go

7
weed/s3api/s3api_object_handlers.go
View File

@ -247,10 +247,11 @@ func (s3a *S3ApiServer) hasConditionalHeaders(r *http.Request) bool {
// hasSSECHeaders checks if the request has SSE-C decryption headers
// SSE-C requires the customer to provide the decryption key in GET/HEAD requests
// According to S3 spec, SSE-C and SSE-KMS headers are mutually exclusive
// According to S3 spec, SSE-C is mutually exclusive with SSE-S3 and SSE-KMS
func (s3a *S3ApiServer) hasSSECHeaders(r *http.Request) bool {
// If SSE-KMS headers are present, this is not an SSE-C request (mutually exclusive)
if r.Header.Get(s3_constants.AmzServerSideEncryption) == s3_constants.SSEAlgorithmKMS ||
// If SSE-S3 or SSE-KMS headers are present, this is not an SSE-C request (mutually exclusive)
// The x-amz-server-side-encryption header is used for both SSE-S3 (AES256) and SSE-KMS (aws:kms)
if r.Header.Get(s3_constants.AmzServerSideEncryption) != "" ||
r.Header.Get(s3_constants.AmzServerSideEncryptionAwsKmsKeyId) != "" {
return false
}

Write Preview
Loading…
Cancel
Save