preserve incoming query params in success_action_redirect (#15280)

fixes #15274
This commit is contained in:
Harshavardhana 2022-07-13 07:46:44 -07:00 committed by GitHub
parent 996cac5fed
commit 788fd3df81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 16 deletions

View File

@ -1116,9 +1116,10 @@ func (api objectAPIHandlers) PostPolicyBucketHandler(w http.ResponseWriter, r *h
Host: handlers.GetSourceIP(r),
})
if successRedirect != "" {
// Replace raw query params..
redirectURL.RawQuery = getRedirectPostRawQuery(objInfo)
if redirectURL != nil { // success_action_redirect is valid and set.
redirectURL.Query().Add("bucket", objInfo.Bucket)
redirectURL.Query().Add("key", objInfo.Name)
redirectURL.Query().Add("etag", "\""+objInfo.ETag+"\"")
writeRedirectSeeOther(w, redirectURL.String())
return
}

View File

@ -27,7 +27,6 @@ import (
"mime/multipart"
"net/http"
"net/textproto"
"net/url"
"regexp"
"strings"
@ -197,16 +196,6 @@ func extractMetadataFromMime(ctx context.Context, v textproto.MIMEHeader, m map[
return nil
}
// The Query string for the redirect URL the client is
// redirected on successful upload.
func getRedirectPostRawQuery(objInfo ObjectInfo) string {
redirectValues := make(url.Values)
redirectValues.Set("bucket", objInfo.Bucket)
redirectValues.Set("key", objInfo.Name)
redirectValues.Set("etag", "\""+objInfo.ETag+"\"")
return redirectValues.Encode()
}
// Returns access credentials in the request Authorization header.
func getReqAccessCred(r *http.Request, region string) (cred auth.Credentials) {
cred, _, _ = getReqAccessKeyV4(r, region, serviceS3)

View File

@ -447,7 +447,7 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
targetObj := keyName + "/upload.txt"
// The url of success_action_redirect field
redirectURL, err := url.Parse("http://www.google.com")
redirectURL, err := url.Parse("http://www.google.com?query=value")
if err != nil {
t.Fatal(err)
}
@ -499,7 +499,9 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
t.Error("Unexpected error: ", err)
}
redirectURL.RawQuery = getRedirectPostRawQuery(info)
redirectURL.Query().Add("bucket", info.Bucket)
redirectURL.Query().Add("key", info.Name)
redirectURL.Query().Add("etag", "\""+info.ETag+"\"")
expectedLocation := redirectURL.String()
// Check the new location url