Merge pull request #542 from fkautz/pr_out_make_minio_work_with_curl_and_browsers_again

master
Frederick F. Kautz IV 10 years ago
commit a521309b78
  1. 35
      pkg/api/api_generic_handlers.go
  2. 6
      pkg/api/contenttype.go

@ -72,22 +72,25 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
// Verify if date headers are set, if not reject the request
if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
date, err := getDate(r)
if err != nil {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
duration := time.Since(date)
minutes := time.Duration(5) * time.Minute
if duration.Minutes() > minutes.Minutes() {
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
if r.Header.Get("Authorization") != "" {
if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
date, err := getDate(r)
if err != nil {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
duration := time.Since(date)
minutes := time.Duration(5) * time.Minute
if duration.Minutes() > minutes.Minutes() {
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
}
h.handler.ServeHTTP(w, r)
}

@ -32,12 +32,6 @@ func getContentType(req *http.Request) contentType {
switch {
case acceptHeader == "application/json":
return jsonContentType
case acceptHeader == "application/xml":
return xmlContentType
case acceptHeader == "*/*":
return xmlContentType
case acceptHeader != "":
return unknownContentType
default:
return xmlContentType
}

Loading…
Cancel
Save