Skip to content

Commit

Permalink
Added valid allowed internal headers (#1939)
Browse files Browse the repository at this point in the history
Needed for replication of SSE-C objects to other sites while
site replication.

Signed-off-by: Shubhendu Ram Tripathi <[email protected]>
  • Loading branch information
shtripat authored Feb 23, 2024
1 parent de3d492 commit a0865af
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 3 deletions.
2 changes: 1 addition & 1 deletion api-compose-object.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ func (opts CopyDestOptions) Marshal(header http.Header) {
if opts.ReplaceMetadata {
header.Set("x-amz-metadata-directive", replaceDirective)
for k, v := range filterCustomMeta(opts.UserMetadata) {
if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) {
if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
header.Set(k, v)
} else {
header.Set("x-amz-meta-"+k, v)
Expand Down
4 changes: 2 additions & 2 deletions api-put-object.go
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ func (opts PutObjectOptions) Header() (header http.Header) {
}

for k, v := range opts.UserMetadata {
if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) {
if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
header.Set(k, v)
} else {
header.Set("x-amz-meta-"+k, v)
Expand All @@ -230,7 +230,7 @@ func (opts PutObjectOptions) Header() (header http.Header) {
// validate() checks if the UserMetadata map has standard headers or and raises an error if so.
func (opts PutObjectOptions) validate() (err error) {
for k, v := range opts.UserMetadata {
if !httpguts.ValidHeaderFieldName(k) || isStandardHeader(k) || isSSEHeader(k) || isStorageClassHeader(k) {
if !httpguts.ValidHeaderFieldName(k) || isStandardHeader(k) || isSSEHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
return errInvalidArgument(k + " unsupported user defined metadata name")
}
if !httpguts.ValidHeaderFieldValue(v) {
Expand Down
13 changes: 13 additions & 0 deletions utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -512,6 +512,19 @@ func isAmzHeader(headerKey string) bool {
return strings.HasPrefix(key, "x-amz-meta-") || strings.HasPrefix(key, "x-amz-grant-") || key == "x-amz-acl" || isSSEHeader(headerKey) || strings.HasPrefix(key, "x-amz-checksum-")
}

var supportedReplicationEncryptionHeaders = map[string]bool{
"x-minio-replication-server-side-encryption-sealed-key": true,
"x-minio-replication-server-side-encryption-seal-algorithm": true,
"x-minio-replication-server-side-encryption-iv": true,
// Add more supported headers here.
// Must be lower case.
}

// isValidReplicationEncryptionHeader returns true if header is one of valid replication encryption headers
func isValidReplicationEncryptionHeader(headerKey string) bool {
return supportedReplicationEncryptionHeaders[strings.ToLower(headerKey)]
}

// supportedQueryValues is a list of query strings that can be passed in when using GetObject.
var supportedQueryValues = map[string]bool{
"attributes": true,
Expand Down

0 comments on commit a0865af

Please sign in to comment.