-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
putObject
request without Content-MD5
header on bucket with object lock should fail
#16480
Comments
which version of |
minio
mc
|
Okay I see now we had this on purpose since it didn't make sense to force clients to add ContentMd5 @tPl0ch md5 is slow and CPU heavy we really don't want client resources to be spent on this - so it was relaxed. how does it help you for us to return an error? is it just compatibility for compatibility's sake? |
As I mentioned before, we use minio as a local and ci development tool for our test suite to point our live clients at:
I tried to add a regression test for this use case and it was not possible with minio. I could work around that by using a failing stub instead of the integration client itself, but I thought it was something worth reporting.
This MD5 check would only be required when object locking with retention is enabled on the bucket though, which might mean that most of the clients remain unaffected by that change. But yes, in theory it's a BC breaking change that can affect existing clients that depend on the current behavior. @harshavardhana |
What a random feature. Now that we have content checksums we can enforce this without too major of a downside, since they are much faster than MD5. The clients will already add CRC when it can and with MD5 disabled. My main regression concern would be streaming uploads that are sent without any checksums on TLS. We would need streaming checksums for this. If TLS | x-amz-checksum- | md5 | sha256 signed v4 then we accept the upload. This means we only reject plain HTTP without any kind of checksum and |
Expected Behavior
From the AWS
putObject
API documentation:minio should fail when no Content-MD5 OR x-amz-checksum- HTTP header is present in the request
Current Behavior
No error is raised. See logs in steps to reproduce.
Possible Solution
Raise an error with status code 400 and given error message.
Steps to Reproduce (for bugs)
putObject
request withoutContent-MD5
Context
I am trying to use
minio
as a backend for integration testing an S3 Scala library that should behave like the real thing. I understand that this is neither a primary nor revenue generating use-case. We came across a bug that slipped through due to this misaligned behavior.Regression
Not sure TBH...
Your Environment
The text was updated successfully, but these errors were encountered: