Satisfy `aws:SecureTransport` policy behind reverse proxy

2024-07-09 13:20:25 +02:00 · 2024-07-09 13:20:25 +02:00 · 61bd861a42
parent 380233d646
commit 61bd861a42
1 changed files with 6 additions and 1 deletions
--- a/cmd/bucket-policy.go
+++ b/cmd/bucket-policy.go
@ -125,10 +125,15 @@ func getConditionValues(r *http.Request, lc string, cred auth.Credentials) map[s
 		authtype = "POST"
 	}

+	secureTransport := r.TLS != nil
+	if forwardedScheme := handlers.GetSourceScheme(r); forwardedScheme != "" {
+		secureTransport = forwardedScheme == "https"
+	}
+
 	args := map[string][]string{
 		"CurrentTime":      {currTime.Format(time.RFC3339)},
 		"EpochTime":        {strconv.FormatInt(currTime.Unix(), 10)},
-		"SecureTransport":  {strconv.FormatBool(r.TLS != nil)},
+		"SecureTransport":  {strconv.FormatBool(secureTransport)},
 		"SourceIp":         {handlers.GetSourceIPRaw(r)},
 		"UserAgent":        {r.UserAgent()},
 		"Referer":          {r.Referer()},