Merge pull request #144 from harshavardhana/pr_out_verify_both_x_amz_date_and_date_header_before_discarding_request

pkg/utils/crypto/signers/signers.go

@@ -34,9 +34,12 @@ func SignRequest(user config.User, req *http.Request) {
 
 // This package implements verification side of Object API Signature request
 func ValidateRequest(user config.User, req *http.Request) (bool, error) {
-	if date := req.Header.Get("Date"); date == "" {
+	// Verify if date headers are set, if not reject the request
+	if req.Header.Get("x-amz-date") == "" {
+		if req.Header.Get("Date") == "" {
 			return false, fmt.Errorf("Date should be set")
 		}
+	}
 	hm := hmac.New(sha1.New, []byte(user.SecretKey))
 	ss := getStringToSign(req)
 	io.WriteString(hm, ss)