Browse Source

fix

pull/6094/head
chrislu 3 months ago
parent
commit
a3a8f6217e
  1. 5
      weed/s3api/auth_signature_v4.go
  2. 2
      weed/s3api/policy/post-policy.go

5
weed/s3api/auth_signature_v4.go

@ -149,11 +149,11 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
}
if forwardedPrefix := r.Header.Get("X-Forwarded-Prefix"); forwardedPrefix != "" {
// Handling usage of reverse proxy at prefix. Note that it's an undefined behavior for AWS S3 and not supported in MinIO.
// Handling usage of reverse proxy at prefix.
// Trying with prefix before main path.
// Get canonical request.
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix + req.URL.Path, req.Method)
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values)
if errCode == s3err.ErrNone {
@ -686,7 +686,6 @@ func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header,
case "host":
// Go http server removes "host" from Request.Header
if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" {
// Trying to use reverse proxy at prefix. Note that it's an undefined behavior for AWS S3 and not supported in MinIO.
extractedSignedHeaders.Set(header, forwardedHost)
} else if forwardedFor := r.Header.Get("X-Forwarded-For"); forwardedFor != "" {
extractedSignedHeaders.Set(header, forwardedFor)

2
weed/s3api/policy/post-policy.go

@ -315,6 +315,6 @@ func errInvalidArgument(message string) error {
StatusCode: http.StatusBadRequest,
Code: "InvalidArgument",
Message: message,
RequestID: "minio",
RequestID: "client",
}
}
Loading…
Cancel
Save