Merge pull request #542 from fkautz/pr_out_make_minio_work_with_curl_and_browsers_again

2025-01-26 22:23:15 -05:00 · 2015-04-29 20:21:38 -07:00 · 2015-04-29 20:21:38 -07:00 · a521309b78
commit a521309b78
parent 73de05feb6 82a16b8848
2 changed files with 19 additions and 22 deletions
--- a/pkg/api/api_generic_handlers.go
+++ b/pkg/api/api_generic_handlers.go
@ -72,22 +72,25 @@ func (h timeHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Verify if date headers are set, if not reject the request
-	if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
-		// there is no way to knowing if this is a valid request, could be a attack reject such clients
-		writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
-		return
-	}
-	date, err := getDate(r)
-	if err != nil {
-		// there is no way to knowing if this is a valid request, could be a attack reject such clients
-		writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
-		return
-	}
-	duration := time.Since(date)
-	minutes := time.Duration(5) * time.Minute
-	if duration.Minutes() > minutes.Minutes() {
-		writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
-		return
+
+	if r.Header.Get("Authorization") != "" {
+		if r.Header.Get("x-amz-date") == "" && r.Header.Get("Date") == "" {
+			// there is no way to knowing if this is a valid request, could be a attack reject such clients
+			writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
+			return
+		}
+		date, err := getDate(r)
+		if err != nil {
+			// there is no way to knowing if this is a valid request, could be a attack reject such clients
+			writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
+			return
+		}
+		duration := time.Since(date)
+		minutes := time.Duration(5) * time.Minute
+		if duration.Minutes() > minutes.Minutes() {
+			writeErrorResponse(w, r, RequestTimeTooSkewed, acceptsContentType, r.URL.Path)
+			return
+		}
 	}
 	h.handler.ServeHTTP(w, r)
 }
--- a/pkg/api/contenttype.go
+++ b/pkg/api/contenttype.go
@ -32,12 +32,6 @@ func getContentType(req *http.Request) contentType {
 	switch {
 	case acceptHeader == "application/json":
 		return jsonContentType
-	case acceptHeader == "application/xml":
-		return xmlContentType
-	case acceptHeader == "*/*":
-		return xmlContentType
-	case acceptHeader != "":
-		return unknownContentType
 	default:
 		return xmlContentType
 	}