Missing x-amz-server-side-encryption header when creating folders

[cyberduck]

bc6d0fa created the issue

Steps to replicate:

1. Create a new bucket and apply the bucket policy from this page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
2. Connect using Cyberduck and enable server side encryption in the preferences.
3. Try to upload a normal file and it should work.
4. Create a new folder and it would fail.

Creating a new folder via the AWS CLI works:

aws s3api put-object --server-side-encryption AES256 --key test/ --bucket

Setting the s3.metadata.default to include the encryption header doesn't work either. It seems like creating a new folder doesn't include the x-amz-server-side-encryption header.

[cyberduck]

@dkocher commented

In 4e5aba2.

[cyberduck]

@dkocher commented

We use the following bucket policy for testing

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

[cyberduck]

@dkocher commented

In 95e6c76.

[cyberduck]

@dkocher commented

In 7fea217.

[cyberduck]

@dkocher commented

Milestone renamed