From 61bd861a4232ba1c22a9854b94813072bee8bdd8 Mon Sep 17 00:00:00 2001
From: Ramon de Klein <mail@ramondeklein.nl>
Date: Tue, 9 Jul 2024 13:20:25 +0200
Subject: [PATCH] Satisfy `aws:SecureTransport` policy behind reverse proxy

---
 cmd/bucket-policy.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cmd/bucket-policy.go b/cmd/bucket-policy.go
index 4a2bd9249..24798a490 100644
--- a/cmd/bucket-policy.go
+++ b/cmd/bucket-policy.go
@@ -125,10 +125,15 @@ func getConditionValues(r *http.Request, lc string, cred auth.Credentials) map[s
 		authtype = "POST"
 	}
 
+	secureTransport := r.TLS != nil
+	if forwardedScheme := handlers.GetSourceScheme(r); forwardedScheme != "" {
+		secureTransport = forwardedScheme == "https"
+	}
+
 	args := map[string][]string{
 		"CurrentTime":      {currTime.Format(time.RFC3339)},
 		"EpochTime":        {strconv.FormatInt(currTime.Unix(), 10)},
-		"SecureTransport":  {strconv.FormatBool(r.TLS != nil)},
+		"SecureTransport":  {strconv.FormatBool(secureTransport)},
 		"SourceIp":         {handlers.GetSourceIPRaw(r)},
 		"UserAgent":        {r.UserAgent()},
 		"Referer":          {r.Referer()},