From f19003258964a591f6d1114d2bfad7ee1ce17dfb Mon Sep 17 00:00:00 2001
From: trinity-1686a <trinity@deuxfleurs.fr>
Date: Sat, 10 Aug 2024 20:06:04 +0200
Subject: don't modify postobject request before validating policy

---
 src/api/s3/post_object.rs | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/src/api/s3/post_object.rs b/src/api/s3/post_object.rs
index 2c106b3b..ff2361f1 100644
--- a/src/api/s3/post_object.rs
+++ b/src/api/s3/post_object.rs
@@ -71,21 +71,11 @@ pub async fn handle_post_object(
 		}
 
 		if let Ok(content) = HeaderValue::from_str(&field.text().await?) {
-			match name.as_str() {
-				"tag" => (/* tag need to be reencoded, but we don't support them yet anyway */),
-				"acl" => {
-					if params.insert("x-amz-acl", content).is_some() {
-						return Err(Error::bad_request("Field 'acl' provided more than once"));
-					}
-				}
-				_ => {
-					if params.insert(&name, content).is_some() {
-						return Err(Error::bad_request(format!(
-							"Field '{}' provided more than once",
-							name
-						)));
-					}
-				}
+			if params.insert(&name, content).is_some() {
+				return Err(Error::bad_request(format!(
+					"Field '{}' provided more than once",
+					name
+				)));
 			}
 		}
 	};
@@ -222,6 +212,8 @@ pub async fn handle_post_object(
 		)));
 	}
 
+	// if we ever start supporting ACLs, we likely want to map "acl" to x-amz-acl" somewhere
+	// arround here to make sure the rest of the machinery takes our acl into account.
 	let headers = get_headers(&params)?;
 
 	let expected_checksums = ExpectedChecksums {
-- 
cgit v1.2.3