diff --git a/bucket-handlers.go b/bucket-handlers.go index 66967ddae..41c6a15a9 100644 --- a/bucket-handlers.go +++ b/bucket-handlers.go @@ -600,6 +600,12 @@ func (api objectStorageAPI) HeadBucketHandler(w http.ResponseWriter, r *http.Req // For all unknown auth types return error. writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path) return + case authTypeAnonymous: + // http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html + if s3Error := enforceBucketPolicy("s3:ListBucket", bucket, r.URL); s3Error != ErrNone { + writeErrorResponse(w, r, s3Error, r.URL.Path) + return + } case authTypePresigned, authTypeSigned: if s3Error := isReqAuthenticated(r); s3Error != ErrNone { writeErrorResponse(w, r, s3Error, r.URL.Path) diff --git a/object-handlers.go b/object-handlers.go index 6f127b13a..6dab42be8 100644 --- a/object-handlers.go +++ b/object-handlers.go @@ -253,6 +253,12 @@ func (api objectStorageAPI) HeadObjectHandler(w http.ResponseWriter, r *http.Req // For all unknown auth types return error. writeErrorResponse(w, r, ErrAccessDenied, r.URL.Path) return + case authTypeAnonymous: + // http://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html + if s3Error := enforceBucketPolicy("s3:GetObject", bucket, r.URL); s3Error != ErrNone { + writeErrorResponse(w, r, s3Error, r.URL.Path) + return + } case authTypePresigned, authTypeSigned: if s3Error := isReqAuthenticated(r); s3Error != ErrNone { writeErrorResponse(w, r, s3Error, r.URL.Path)