gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3: do not persist multi part "Response-Content-Disposition" in request header (#7887)

Browse Source 
* fix: support standard HTTP headers in S3 multipart upload

* fix(s3api): validate standard HTTP headers correctly and avoid persisting Response-Content-Disposition

---------

Co-authored-by: steve.wei <coderushing@gmail.com>
This commit is contained in:
Chris Lu
2025-12-26 13:21:15 -08:00
committed by GitHub
parent f07ba2c5aa
commit 82dac3df03
2 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
weed/s3api/s3_metadata_util.go
View File

@@ -47,11 +47,8 @@ func ParseS3Metadata(r *http.Request, existing map[string][]byte, isReplace bool
}
}
// Handle Response-Content-Disposition (used in presigned URLs)
// This should be stored as Content-Disposition
if rcd := r.Header.Get("Response-Content-Disposition"); rcd != "" {
metadata["Content-Disposition"] = []byte(rcd)
}
// Do NOT persist Response-Content-Disposition: it is a GET-only
// presigned-download override and must not be stored as upload metadata.
// Object tagging
if tags := r.Header.Get(s3_constants.AmzObjectTagging); tags != "" {

10
weed/s3api/s3api_object_handlers_multipart.go
View File

@@ -67,16 +67,16 @@ func (s3a *S3ApiServer) NewMultipartUploadHandler(w http.ResponseWriter, r *http
}
// Validate Cache-Control header format if present
if r.Header.Get("Cache-Control") != "" {
if _, err := cacheobject.ParseRequestCacheControl(r.Header.Get("Cache-Control")); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidDigest)
if cacheControl := r.Header.Get("Cache-Control"); cacheControl != "" {
if _, err := cacheobject.ParseRequestCacheControl(cacheControl); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
return
}
}
// Validate Expires header format if present
if r.Header.Get("Expires") != "" {
if _, err := time.Parse(http.TimeFormat, r.Header.Get("Expires")); err != nil {
if expires := r.Header.Get("Expires"); expires != "" {
if _, err := time.Parse(http.TimeFormat, expires); err != nil {
s3err.WriteErrorResponse(w, r, s3err.ErrMalformedDate)
return
}