Verify both 'x-amz-date' and 'date' header before discarding request

master
Harshavardhana 10 years ago
parent 62648c8636
commit 8087ca2450
  1. 5
      pkg/utils/crypto/signers/signers.go

@ -34,9 +34,12 @@ func SignRequest(user config.User, req *http.Request) {
// This package implements verification side of Object API Signature request
func ValidateRequest(user config.User, req *http.Request) (bool, error) {
if date := req.Header.Get("Date"); date == "" {
// Verify if date headers are set, if not reject the request
if req.Header.Get("x-amz-date") == "" {
if req.Header.Get("Date") == "" {
return false, fmt.Errorf("Date should be set")
}
}
hm := hmac.New(sha1.New, []byte(user.SecretKey))
ss := getStringToSign(req)
io.WriteString(hm, ss)

Loading…
Cancel
Save