gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S3: add s3: prefix to x-amz-* condition keys for AWS compatibility (#8765)

Browse Source 
AWS S3 policy conditions reference request headers with the s3: namespace
prefix (e.g., s3:x-amz-server-side-encryption). The extraction code was
storing these headers without the prefix, so bucket policy conditions
using the standard AWS key names would never match.
This commit is contained in:
Chris Lu
2026-03-24 14:04:42 -07:00
committed by GitHub
parent 2877febd73
commit 152884eff2
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
weed/s3api/policy_engine/engine.go
View File

@@ -427,10 +427,11 @@ func ExtractConditionValuesFromRequest(r *http.Request) map[string][]string {
// HTTP method
values["s3:RequestMethod"] = []string{r.Method}
// Extract custom headers
// Extract custom headers with s3: prefix for AWS-compatible condition keys
for key, headerValues := range r.Header {
if strings.HasPrefix(strings.ToLower(key), "x-amz-") {
values[strings.ToLower(key)] = headerValues
lowerKey := strings.ToLower(key)
if strings.HasPrefix(lowerKey, "x-amz-") {
values["s3:"+lowerKey] = headerValues
}
}