gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3api: preserve Host header port in signature verification (#8434)

Browse Source 
Avoid stripping default ports (80/443) from the Host header in extractHostHeader.
This fixes SignatureDoesNotMatch errors when SeaweedFS is accessed via a proxy
(like Kong Ingress) that explicitly includes the port in the Host header or
X-Forwarded-Host, which S3 clients sign.

Also cleaned up unused variables and logic after refactoring.
This commit is contained in:
Chris Lu
2026-02-24 13:09:40 -08:00
committed by GitHub
parent f4af1cc0ba
commit 98d89ffad7
3 changed files with 32 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
weed/s3api/auto_signature_v4_test.go
View File

@@ -415,13 +415,13 @@ func TestSignatureV4WithoutProxy(t *testing.T) {
name: "HTTP with standard port",
host: "backend:80",
proto: "http",
expectedHost: "backend",
expectedHost: "backend:80",
},
{
name: "HTTPS with standard port",
host: "backend:443",
proto: "https",
expectedHost: "backend",
expectedHost: "backend:443",
},
{
name: "HTTP without port",
@@ -451,13 +451,13 @@ func TestSignatureV4WithoutProxy(t *testing.T) {
name: "IPv6 HTTP with standard port",
host: "[::1]:80",
proto: "http",
expectedHost: "::1",
expectedHost: "[::1]:80",
},
{
name: "IPv6 HTTPS with standard port",
host: "[::1]:443",
proto: "https",
expectedHost: "::1",
expectedHost: "[::1]:443",
},
{
name: "IPv6 HTTP without port",