check if metadata headers/url values are equal with signed headers (#17737)

2025-11-07 12:52:58 -05:00 · 2023-07-27 21:44:56 +03:00
parent 14ebd82dbd
commit 535f97ba61
3 changed files with 102 additions and 2 deletions
--- a/cmd/signature-v4.go
+++ b/cmd/signature-v4.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2015-2021 MinIO, Inc.
+// Copyright (c) 2015-2023 MinIO, Inc.
 //
 // This file is part of MinIO Object Storage stack
 //
@@ -229,6 +229,12 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
 		return errCode
 	}

+	// Check if the metadata headers are equal with signedheaders
+	errMetaCode := checkMetaHeaders(extractedSignedHeaders, r)
+	if errMetaCode != ErrNone {
+		return errMetaCode
+	}
+
 	// If the host which signed the request is slightly ahead in time (by less than globalMaxSkewTime) the
 	// request should still be allowed.
 	if pSignValues.Date.After(UTCNow().Add(globalMaxSkewTime)) {