Redirect browser requests returning AccessDenied (#6848)

Anonymous requests from S3 resources returning AccessDenied should be auto redirected to browser for login.
2025-11-20 18:06:10 -05:00 · 2018-11-26 12:15:12 -08:00
parent dd092f6c2b
commit dba61867e8
14 changed files with 327 additions and 320 deletions
--- a/cmd/api-response.go
+++ b/cmd/api-response.go
@@ -568,13 +568,20 @@ func writeSuccessResponseHeadersOnly(w http.ResponseWriter) {
 }

 // writeErrorRespone writes error headers
-func writeErrorResponse(w http.ResponseWriter, errorCode APIErrorCode, reqURL *url.URL) {
+func writeErrorResponse(w http.ResponseWriter, errorCode APIErrorCode, reqURL *url.URL, browser bool) {
 	switch errorCode {
 	case ErrSlowDown, ErrServerNotInitialized, ErrReadQuorum, ErrWriteQuorum:
 		// Set retry-after header to indicate user-agents to retry request after 120secs.
 		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After
 		w.Header().Set("Retry-After", "120")
+	case ErrAccessDenied:
+		if browser {
+			w.Header().Set("Location", minioReservedBucketPath+reqURL.Path)
+			w.WriteHeader(http.StatusTemporaryRedirect)
+			return
+		}
 	}
+
 	apiError := getAPIError(errorCode)
 	// Generate error response.
 	errorResponse := getAPIErrorResponse(apiError, reqURL.Path, w.Header().Get(responseRequestIDKey))