MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-11 15:03:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Make minio work with curl and browsers again

Browse Source
This commit is contained in:
Frederick F. Kautz IV 2015-04-29 18:30:17 -07:00
parent 73de05feb6
commit 82a16b8848
2 changed files with 19 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
pkg/api/api_generic_handlers.go
View File

@ -72,22 +72,25 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
// Verify if date headers are set, if not reject the request
if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
date, err := getDate(r)
if err != nil {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
duration := time.Since(date)
minutes := time.Duration(5) * time.Minute
if duration.Minutes() > minutes.Minutes() {
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
if r.Header.Get("Authorization") != "" {
if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
date, err := getDate(r)
if err != nil {
// there is no way to knowing if this is a valid request, could be a attack reject such clients
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
duration := time.Since(date)
minutes := time.Duration(5) * time.Minute
if duration.Minutes() > minutes.Minutes() {
writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
return
}
}
h.handler.ServeHTTP(w, r)
}

6
pkg/api/contenttype.go
View File

@ -32,12 +32,6 @@ func getContentType(req *http.Request) contentType {
switch {
case acceptHeader == "application/json":
return jsonContentType
case acceptHeader == "application/xml":
return xmlContentType
case acceptHeader == "*/*":
return xmlContentType
case acceptHeader != "":
return unknownContentType
default:
return xmlContentType
}