aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortrinity-1686a <trinity@deuxfleurs.fr>2024-08-10 20:06:04 +0200
committertrinity-1686a <trinity@deuxfleurs.fr>2024-08-10 20:10:47 +0200
commitf19003258964a591f6d1114d2bfad7ee1ce17dfb (patch)
treee4a5db05091442c3442f8455b0863a2ec2936380
parent3a87bd1370eb9fefc67deec9d7dfa2187ddf9763 (diff)
downloadgarage-f19003258964a591f6d1114d2bfad7ee1ce17dfb.tar.gz
garage-f19003258964a591f6d1114d2bfad7ee1ce17dfb.zip
don't modify postobject request before validating policy
-rw-r--r--src/api/s3/post_object.rs22
1 files changed, 7 insertions, 15 deletions
diff --git a/src/api/s3/post_object.rs b/src/api/s3/post_object.rs
index 2c106b3b..ff2361f1 100644
--- a/src/api/s3/post_object.rs
+++ b/src/api/s3/post_object.rs
@@ -71,21 +71,11 @@ pub async fn handle_post_object(
}
if let Ok(content) = HeaderValue::from_str(&field.text().await?) {
- match name.as_str() {
- "tag" => (/* tag need to be reencoded, but we don't support them yet anyway */),
- "acl" => {
- if params.insert("x-amz-acl", content).is_some() {
- return Err(Error::bad_request("Field 'acl' provided more than once"));
- }
- }
- _ => {
- if params.insert(&name, content).is_some() {
- return Err(Error::bad_request(format!(
- "Field '{}' provided more than once",
- name
- )));
- }
- }
+ if params.insert(&name, content).is_some() {
+ return Err(Error::bad_request(format!(
+ "Field '{}' provided more than once",
+ name
+ )));
}
}
};
@@ -222,6 +212,8 @@ pub async fn handle_post_object(
)));
}
+ // if we ever start supporting ACLs, we likely want to map "acl" to x-amz-acl" somewhere
+ // arround here to make sure the rest of the machinery takes our acl into account.
let headers = get_headers(&params)?;
let expected_checksums = ExpectedChecksums {