authorSebastian Kurfuerst <sebastian.kurfuerst@sandstorm.de>2021-12-31 22:06:18 +0100
committerSebastian Kurfuerst <sebastian.kurfuerst@sandstorm.de>2021-12-31 22:06:18 +0100
commitc35660175d0ffc88a1e0097ec90bd7e000339d14 (patch)
treef91d45a6f55bcb10c9b8a8d85669bca8f2694e23
parent1cd3b6b4e12e4d25e66d1c6203ba1c58081b873b (diff)
downloadseaweedfs-c35660175d0ffc88a1e0097ec90bd7e000339d14.tar.xz
seaweedfs-c35660175d0ffc88a1e0097ec90bd7e000339d14.zip
BUGFIX: ensure Authorization header is only added once
-rw-r--r--weed/s3api/s3api_object_handlers.go11
-rw-r--r--weed/util/http_util.go4
2 files changed, 9 insertions, 6 deletions
diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index ef27f626a..13ce60945 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -312,7 +312,6 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
glog.V(3).Infof("s3 proxying %s to %s", r.Method, destUrl)
proxyReq, err := http.NewRequest(r.Method, destUrl, r.Body)
- s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
if err != nil {
glog.Errorf("NewRequest %s: %v", destUrl, err)
@@ -330,6 +329,9 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
proxyReq.Header[header] = values
}
+ // ensure that the Authorization header is overriding any previous
+ // Authorization header which might be already present in proxyReq
+ s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
resp, postErr := client.Do(proxyReq)
if postErr != nil {
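Review bot: The override promised by the new comment only happens when a token is actually produced: `maybeAddFilerJwtAuthorization` has an early `return` ahead of its `Set` call (visible in the last hunk of this file), and on that path whatever Authorization value the header-copy loop placed on `proxyReq` is sent to the filer unchanged. The start of that loop is outside this hunk, so it may already filter headers; if it copies the incoming request's headers as-is, the caller's S3 Authorization value would reach the backend whenever filer JWT signing is not in effect. Clearing it unconditionally before the call, with `proxyReq.Header.Del("Authorization")`, would make the behaviour match the comment in both cases. The same applies to the identical insertion in `putToFiler` further down.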
@@ -376,7 +378,6 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
var body = io.TeeReader(dataReader, hash)
proxyReq, err := http.NewRequest("PUT", uploadUrl, body)
- s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
if err != nil {
glog.Errorf("NewRequest %s: %v", uploadUrl, err)
@@ -390,7 +391,9 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
proxyReq.Header.Add(header, value)
}
}
-
+ // ensure that the Authorization header is overriding any previous
+ // Authorization header which might be already present in proxyReq
+ s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
resp, postErr := client.Do(proxyReq)
if postErr != nil {
@@ -444,7 +447,7 @@ func (s3a *S3ApiServer) maybeAddFilerJwtAuthorization(r *http.Request, isWrite b
return
}
- r.Header.Add("Authorization", "BEARER "+string(encodedJwt))
+ r.Header.Set("Authorization", "BEARER "+string(encodedJwt))
}
func (s3a *S3ApiServer) maybeGetFilerJwtAuthorizationToken(isWrite bool) string {
diff --git a/weed/util/http_util.go b/weed/util/http_util.go
index 5c814a6d3..e658ab66b 100644
--- a/weed/util/http_util.go
+++ b/weed/util/http_util.go
@@ -186,7 +186,7 @@ func DownloadFile(fileUrl string, jwt string) (filename string, header http.Head
}
if len(jwt) > 0 {
- req.Header.Add("Authorization", "BEARER "+jwt)
+ req.Header.Set("Authorization", "BEARER "+jwt)
}
response, err := client.Do(req)
@@ -380,7 +380,7 @@ func ReadUrlAsReaderCloser(fileUrl string, jwt string, rangeHeader string) (io.R
}
if len(jwt) > 0 {
- req.Header.Add("Authorization", "BEARER "+jwt)
+ req.Header.Set("Authorization", "BEARER "+jwt)
}
r, err := client.Do(req)