MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-03-12 20:50:11 -04:00
Code Issues Packages Projects Releases Wiki Activity

Verify both 'x-amz-date' and 'date' header before discarding request

Browse Source
This commit is contained in:
Harshavardhana 2015-02-08 02:35:36 -08:00
parent 62648c8636
commit 8087ca2450
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/utils/crypto/signers/signers.go
View File

@ -34,9 +34,12 @@ func SignRequest(user config.User, req *http.Request) {
// This package implements verification side of Object API Signature request
func ValidateRequest(user config.User, req *http.Request) (bool, error) {
if date := req.Header.Get("Date"); date == "" {
// Verify if date headers are set, if not reject the request
if req.Header.Get("x-amz-date") == "" {
if req.Header.Get("Date") == "" {
return false, fmt.Errorf("Date should be set")
}
}
hm := hmac.New(sha1.New, []byte(user.SecretKey))
ss := getStringToSign(req)
io.WriteString(hm, ss)