diff --git a/cmd/auth-handler.go b/cmd/auth-handler.go index a48989f12..a979ae961 100644 --- a/cmd/auth-handler.go +++ b/cmd/auth-handler.go @@ -63,7 +63,9 @@ func isRequestPostPolicySignatureV4(r *http.Request) bool { // Verify if the request has AWS Streaming Signature Version '4'. This is only valid for 'PUT' operation. func isRequestSignStreamingV4(r *http.Request) bool { - return r.Header.Get("x-amz-content-sha256") == streamingContentSHA256 && r.Method == httpPUT + return r.Header.Get("x-amz-content-sha256") == streamingContentSHA256 && + r.Header.Get("content-encoding") == streamingContentEncoding && + r.Method == httpPUT } // Authorization type. diff --git a/cmd/auth-handler_test.go b/cmd/auth-handler_test.go index fbb78d4e2..b67398bdf 100644 --- a/cmd/auth-handler_test.go +++ b/cmd/auth-handler_test.go @@ -43,6 +43,7 @@ func TestGetRequestAuthType(t *testing.T) { Header: http.Header{ "Authorization": []string{"AWS4-HMAC-SHA256 "}, "X-Amz-Content-Sha256": []string{streamingContentSHA256}, + "Content-Encoding": []string{streamingContentEncoding}, }, Method: "PUT", }, diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index a3ef52f9f..ff00f034a 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -421,6 +421,13 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req // Extract metadata to be saved from incoming HTTP header. metadata := extractMetadataFromHeader(r.Header) + if rAuthType == authTypeStreamingSigned { + // Make sure to delete the content-encoding parameter + // for a streaming signature which is set to value + // "aws-chunked" + delete(metadata, "content-encoding") + } + // Make sure we hex encode md5sum here. metadata["md5Sum"] = hex.EncodeToString(md5Bytes) diff --git a/cmd/object-handlers_test.go b/cmd/object-handlers_test.go index 95e126202..e68a80ae4 100644 --- a/cmd/object-handlers_test.go +++ b/cmd/object-handlers_test.go @@ -682,6 +682,13 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam continue } + objInfo, err := obj.GetObjectInfo(testCase.bucketName, testCase.objectName) + if err != nil { + t.Fatalf("Test %d: %s: Failed to fetch the copied object: %s", i+1, instanceType, err) + } + if objInfo.ContentEncoding == streamingContentEncoding { + t.Fatalf("Test %d: %s: ContentEncoding is set to \"aws-chunked\" which is unexpected", i+1, instanceType) + } buffer := new(bytes.Buffer) err = obj.GetObject(testCase.bucketName, testCase.objectName, 0, int64(testCase.dataLen), buffer) if err != nil { diff --git a/cmd/streaming-signature-v4.go b/cmd/streaming-signature-v4.go index 9383c17a0..4fc4eca21 100644 --- a/cmd/streaming-signature-v4.go +++ b/cmd/streaming-signature-v4.go @@ -34,9 +34,10 @@ import ( // Streaming AWS Signature Version '4' constants. const ( - emptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" - streamingContentSHA256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" - signV4ChunkedAlgorithm = "AWS4-HMAC-SHA256-PAYLOAD" + emptySHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + streamingContentSHA256 = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD" + signV4ChunkedAlgorithm = "AWS4-HMAC-SHA256-PAYLOAD" + streamingContentEncoding = "aws-chunked" ) // getChunkSignature - get chunk signature.