Added valid allowed internal headers (#1939)

Needed for replication of SSE-C objects to other sites while site replication. Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
minio · Feb 23, 2024 · a0865af · a0865af
1 parent de3d492
commit a0865af
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/api-compose-object.go b/api-compose-object.go
@@ -119,7 +119,7 @@ func (opts CopyDestOptions) Marshal(header http.Header) {
 	if opts.ReplaceMetadata {
 		header.Set("x-amz-metadata-directive", replaceDirective)
 		for k, v := range filterCustomMeta(opts.UserMetadata) {
-			if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) {
+			if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
 				header.Set(k, v)
 			} else {
 				header.Set("x-amz-meta-"+k, v)

diff --git a/api-put-object.go b/api-put-object.go
@@ -212,7 +212,7 @@ func (opts PutObjectOptions) Header() (header http.Header) {
 	}
 
 	for k, v := range opts.UserMetadata {
-		if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) {
+		if isAmzHeader(k) || isStandardHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
 			header.Set(k, v)
 		} else {
 			header.Set("x-amz-meta-"+k, v)
@@ -230,7 +230,7 @@ func (opts PutObjectOptions) Header() (header http.Header) {
 // validate() checks if the UserMetadata map has standard headers or and raises an error if so.
 func (opts PutObjectOptions) validate() (err error) {
 	for k, v := range opts.UserMetadata {
-		if !httpguts.ValidHeaderFieldName(k) || isStandardHeader(k) || isSSEHeader(k) || isStorageClassHeader(k) {
+		if !httpguts.ValidHeaderFieldName(k) || isStandardHeader(k) || isSSEHeader(k) || isStorageClassHeader(k) || isValidReplicationEncryptionHeader(k) {
 			return errInvalidArgument(k + " unsupported user defined metadata name")
 		}
 		if !httpguts.ValidHeaderFieldValue(v) {

diff --git a/utils.go b/utils.go
@@ -512,6 +512,19 @@ func isAmzHeader(headerKey string) bool {
 	return strings.HasPrefix(key, "x-amz-meta-") || strings.HasPrefix(key, "x-amz-grant-") || key == "x-amz-acl" || isSSEHeader(headerKey) || strings.HasPrefix(key, "x-amz-checksum-")
 }
 
+var supportedReplicationEncryptionHeaders = map[string]bool{
+	"x-minio-replication-server-side-encryption-sealed-key":     true,
+	"x-minio-replication-server-side-encryption-seal-algorithm": true,
+	"x-minio-replication-server-side-encryption-iv":             true,
+	// Add more supported headers here.
+	// Must be lower case.
+}
+
+// isValidReplicationEncryptionHeader returns true if header is one of valid replication encryption headers
+func isValidReplicationEncryptionHeader(headerKey string) bool {
+	return supportedReplicationEncryptionHeaders[strings.ToLower(headerKey)]
+}
+
 // supportedQueryValues is a list of query strings that can be passed in when using GetObject.
 var supportedQueryValues = map[string]bool{
 	"attributes":                   true,