From f19003258964a591f6d1114d2bfad7ee1ce17dfb Mon Sep 17 00:00:00 2001 From: trinity-1686a Date: Sat, 10 Aug 2024 20:06:04 +0200 Subject: don't modify postobject request before validating policy --- src/api/s3/post_object.rs | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/src/api/s3/post_object.rs b/src/api/s3/post_object.rs index 2c106b3b..ff2361f1 100644 --- a/src/api/s3/post_object.rs +++ b/src/api/s3/post_object.rs @@ -71,21 +71,11 @@ pub async fn handle_post_object( } if let Ok(content) = HeaderValue::from_str(&field.text().await?) { - match name.as_str() { - "tag" => (/* tag need to be reencoded, but we don't support them yet anyway */), - "acl" => { - if params.insert("x-amz-acl", content).is_some() { - return Err(Error::bad_request("Field 'acl' provided more than once")); - } - } - _ => { - if params.insert(&name, content).is_some() { - return Err(Error::bad_request(format!( - "Field '{}' provided more than once", - name - ))); - } - } + if params.insert(&name, content).is_some() { + return Err(Error::bad_request(format!( + "Field '{}' provided more than once", + name + ))); } } }; @@ -222,6 +212,8 @@ pub async fn handle_post_object( ))); } + // if we ever start supporting ACLs, we likely want to map "acl" to x-amz-acl" somewhere + // arround here to make sure the rest of the machinery takes our acl into account. let headers = get_headers(¶ms)?; let expected_checksums = ExpectedChecksums { -- cgit v1.2.3