From c35660175d0ffc88a1e0097ec90bd7e000339d14 Mon Sep 17 00:00:00 2001
From: Sebastian Kurfuerst
Date: Fri, 31 Dec 2021 22:06:18 +0100
Subject: [PATCH] BUGFIX: ensure Authorization header is only added once
---
 weed/s3api/s3api_object_handlers.go | 11 +++++++----
 weed/util/http_util.go | 4 ++--
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index ef27f626a..13ce60945 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -312,7 +312,6 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
 glog.V(3).Infof("s3 proxying %s to %s", r.Method, destUrl)
 proxyReq, err := http.NewRequest(r.Method, destUrl, r.Body)
- s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
 if err != nil {
 glog.Errorf("NewRequest %s: %v", destUrl, err)
@@ -330,6 +329,9 @@ func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, des
 proxyReq.Header[header] = values
 }
+ // ensure that the Authorization header is overriding any previous
+ // Authorization header which might be already present in proxyReq
+ s3a.maybeAddFilerJwtAuthorization(proxyReq, isWrite)
 resp, postErr := client.Do(proxyReq)
 if postErr != nil {
@@ -376,7 +378,6 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
 var body = io.TeeReader(dataReader, hash)
 proxyReq, err := http.NewRequest("PUT", uploadUrl, body)
- s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
 if err != nil {
 glog.Errorf("NewRequest %s: %v", uploadUrl, err)
@@ -390,7 +391,9 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
 proxyReq.Header.Add(header, value)
 }
 }
-
+ // ensure that the Authorization header is overriding any previous
+ // Authorization header which might be already present in proxyReq
+ s3a.maybeAddFilerJwtAuthorization(proxyReq, true)
 resp, postErr := client.Do(proxyReq)
 if postErr != nil {
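Review bot: In proxyToFiler (hunk at -330) the client's own Authorization value still appears to reach the filer whenever the helper adds nothing: the loop above the new call copies request headers into proxyReq (`proxyReq.Header[header] = values`), and maybeAddFilerJwtAuthorization has an early `return` before its `Set`, presumably for the case where no filer JWT is issued. If that reading is right, the S3 client's signature header is forwarded to the backend in that configuration; dropping it first with `proxyReq.Header.Del("Authorization")` just before the call would make the override unconditional. The same applies to the putToFiler hunk at -390, where headers are copied with `proxyReq.Header.Add(header, value)`. Both function bodies start and end outside these hunks, so the header-copy loops are only partly visible.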
@@ -444,7 +447,7 @@ func (s3a *S3ApiServer) maybeAddFilerJwtAuthorization(r *http.Request, isWrite b
 return
 }
- r.Header.Add("Authorization", "BEARER "+string(encodedJwt))
+ r.Header.Set("Authorization", "BEARER "+string(encodedJwt))
 }
 func (s3a *S3ApiServer) maybeGetFilerJwtAuthorizationToken(isWrite bool) string {
diff --git a/weed/util/http_util.go b/weed/util/http_util.go
index 5c814a6d3..e658ab66b 100644
--- a/weed/util/http_util.go
+++ b/weed/util/http_util.go
@@ -186,7 +186,7 @@ func DownloadFile(fileUrl string, jwt string) (filename string, header http.Head
 }
 if len(jwt) > 0 {
- req.Header.Add("Authorization", "BEARER "+jwt)
+ req.Header.Set("Authorization", "BEARER "+jwt)
 }
 response, err := client.Do(req)
@@ -380,7 +380,7 @@ func ReadUrlAsReaderCloser(fileUrl string, jwt string, rangeHeader string) (io.R
 }
 if len(jwt) > 0 {
- req.Header.Add("Authorization", "BEARER "+jwt)
+ req.Header.Set("Authorization", "BEARER "+jwt)
 }
 r, err := client.Do(req)
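Review bot: The replace-not-append contract now lives in maybeAddFilerJwtAuthorization (hunk at -444) but is documented only by the comment repeated at its two call sites; a doc comment on the helper would keep it in one place, e.g. `// maybeAddFilerJwtAuthorization sets the filer JWT as the only Authorization header on r; on the early-return path r is left unchanged.` The `"BEARER "+...` literal is also repeated in DownloadFile and ReadUrlAsReaderCloser in weed/util/http_util.go, so a small shared helper would keep the three sites from drifting apart. The helper's body starts outside the hunk, so the condition guarding the early `return` is not visible here.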