Add aws:Referer condition key support. (#3641)

This change implements bucket policy enhancements required to restrict access based on HTTP referer. See https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4 for more information. Fixes #3540
2025-11-07 12:52:58 -05:00 · 2017-01-30 09:15:11 +05:30
parent 69b81af93e
commit b408d0e87d
8 changed files with 181 additions and 42 deletions
--- a/cmd/bucket-policy-handlers_test.go
+++ b/cmd/bucket-policy-handlers_test.go
@@ -942,6 +942,34 @@ func TestBucketPolicyConditionMatch(t *testing.T) {

 			expectedMatch: false,
 		},
+		// Test case - 9.
+		// StringLike condition matches.
+		{
+			statementCondition: getStatementWithCondition("StringLike", "aws:Referer", "http://www.example.com/"),
+			condition:          getInnerMap("referer", "http://www.example.com/"),
+			expectedMatch:      true,
+		},
+		// Test case - 10.
+		// StringLike condition doesn't match.
+		{
+			statementCondition: getStatementWithCondition("StringLike", "aws:Referer", "http://www.example.com/"),
+			condition:          getInnerMap("referer", "www.somethingelse.com"),
+			expectedMatch:      false,
+		},
+		// Test case - 11.
+		// StringNotLike condition evaluates to false.
+		{
+			statementCondition: getStatementWithCondition("StringNotLike", "aws:Referer", "http://www.example.com/"),
+			condition:          getInnerMap("referer", "http://www.example.com/"),
+			expectedMatch:      false,
+		},
+		// Test case - 12.
+		// StringNotLike condition evaluates to true.
+		{
+			statementCondition: getStatementWithCondition("StringNotLike", "aws:Referer", "http://www.example.com/"),
+			condition:          getInnerMap("referer", "http://somethingelse.com/"),
+			expectedMatch:      true,
+		},
 	}

 	for i, tc := range testCases {