fix: Ignore AWSAccessKeyId check for SignV2 policy condition (#19673)

2025-11-07 21:02:58 -05:00 · 2024-05-06 18:52:41 +08:00
parent a03ca80269
commit 9a9a49aa84
2 changed files with 27 additions and 14 deletions
--- a/cmd/postpolicyform.go
+++ b/cmd/postpolicyform.go
@@ -347,10 +347,16 @@ func checkPostPolicy(formValues http.Header, postPolicyForm PostPolicyForm) erro
 		}
 		delete(checkHeader, formCanonicalName)
 	}
-	// For SignV2 - Signature field will be ignored
-	// Policy is generated from Signature with other fields, so it should be ignored
+	// For SignV2 - Signature/AWSAccessKeyId field will be ignored.
 	if _, ok := formValues[xhttp.AmzSignatureV2]; ok {
 		delete(checkHeader, xhttp.AmzSignatureV2)
+		for k := range checkHeader {
+			// case-insensitivity for AWSAccessKeyId
+			if strings.EqualFold(k, xhttp.AmzAccessKeyID) {
+				delete(checkHeader, k)
+				break
+			}
+		}
 	}

 	if len(checkHeader) != 0 {