diff options
author | trinity-1686a <trinity@deuxfleurs.fr> | 2024-08-10 20:06:04 +0200 |
---|---|---|
committer | trinity-1686a <trinity@deuxfleurs.fr> | 2024-08-10 20:10:47 +0200 |
commit | f19003258964a591f6d1114d2bfad7ee1ce17dfb (patch) | |
tree | e4a5db05091442c3442f8455b0863a2ec2936380 | |
parent | 3a87bd1370eb9fefc67deec9d7dfa2187ddf9763 (diff) | |
download | garage-f19003258964a591f6d1114d2bfad7ee1ce17dfb.tar.gz garage-f19003258964a591f6d1114d2bfad7ee1ce17dfb.zip |
don't modify postobject request before validating policy
-rw-r--r-- | src/api/s3/post_object.rs | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/src/api/s3/post_object.rs b/src/api/s3/post_object.rs index 2c106b3b..ff2361f1 100644 --- a/src/api/s3/post_object.rs +++ b/src/api/s3/post_object.rs @@ -71,21 +71,11 @@ pub async fn handle_post_object( } if let Ok(content) = HeaderValue::from_str(&field.text().await?) { - match name.as_str() { - "tag" => (/* tag need to be reencoded, but we don't support them yet anyway */), - "acl" => { - if params.insert("x-amz-acl", content).is_some() { - return Err(Error::bad_request("Field 'acl' provided more than once")); - } - } - _ => { - if params.insert(&name, content).is_some() { - return Err(Error::bad_request(format!( - "Field '{}' provided more than once", - name - ))); - } - } + if params.insert(&name, content).is_some() { + return Err(Error::bad_request(format!( + "Field '{}' provided more than once", + name + ))); } } }; @@ -222,6 +212,8 @@ pub async fn handle_post_object( ))); } + // if we ever start supporting ACLs, we likely want to map "acl" to x-amz-acl" somewhere + // arround here to make sure the rest of the machinery takes our acl into account. let headers = get_headers(¶ms)?; let expected_checksums = ExpectedChecksums { |