MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

security: Remove insecure custom headers (#10244)

Browse Source 
Background: https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w

Remove these custom headers from incoming and outgoing requests.
This commit is contained in:
Klaus Post
2020-08-11 08:29:29 -07:00
committed by GitHub
parent 9179cdfc9d
commit f8f290e848
8 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/http/headers.go
View File

@@ -102,6 +102,9 @@ const (
AmzSecurityToken = "X-Amz-Security-Token"
AmzDecodedContentLength = "X-Amz-Decoded-Content-Length"
AmzMetaUnencryptedContentLength = "X-Amz-Meta-X-Amz-Unencrypted-Content-Length"
AmzMetaUnencryptedContentMD5 = "X-Amz-Meta-X-Amz-Unencrypted-Content-Md5"
// Signature v2 related constants
AmzSignatureV2 = "Signature"
AmzAccessKeyID = "AWSAccessKeyId"