From fcd5d7e90d3f15bd8bd175bdd5ce0e4aa606baa4 Mon Sep 17 00:00:00 2001 From: naveenpaul1 Date: Thu, 5 Dec 2024 11:04:13 +0530 Subject: [PATCH] NSFS | S3 throwing error for empty header and default port for STS Signed-off-by: naveenpaul1 --- config.js | 3 ++- src/endpoint/endpoint.js | 2 +- src/endpoint/s3/s3_rest.js | 9 ++++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/config.js b/config.js index 1dd31806ff..20fb4a7c7c 100644 --- a/config.js +++ b/config.js @@ -898,7 +898,8 @@ config.NSFS_NC_CONFIG_DIR_BACKEND = ''; config.NSFS_NC_STORAGE_BACKEND = ''; config.ENDPOINT_PORT = Number(process.env.ENDPOINT_PORT) || 6001; config.ENDPOINT_SSL_PORT = Number(process.env.ENDPOINT_SSL_PORT) || 6443; -config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || -1; +// Remove the NSFS condition when NSFS starts to support STS. +config.ENDPOINT_SSL_STS_PORT = Number(process.env.ENDPOINT_SSL_STS_PORT) || (process.env.NC_NSFS_NO_DB_ENV === 'true' ? -1 : 7443); config.ENDPOINT_SSL_IAM_PORT = Number(process.env.ENDPOINT_SSL_IAM_PORT) || -1; config.ALLOW_HTTP = false; // config files should allow access to the owner of the files diff --git a/src/endpoint/endpoint.js b/src/endpoint/endpoint.js index c4c817500e..c4f452a809 100755 --- a/src/endpoint/endpoint.js +++ b/src/endpoint/endpoint.js @@ -197,7 +197,7 @@ async function main(options = {}) { // START S3, STS & IAM SERVERS & CERTS const http_port_s3 = options.http_port || config.ENDPOINT_PORT; const https_port_s3 = options.https_port || config.ENDPOINT_SSL_PORT; - const https_port_sts = options.https_port_sts || Number(process.env.ENDPOINT_SSL_PORT_STS) || 7443; // || (process.env.NC_NSFS_NO_DB_ENV === 'true' ? -1 : 7443); + const https_port_sts = options.https_port_sts || config.ENDPOINT_SSL_STS_PORT; const https_port_iam = options.https_port_iam || config.ENDPOINT_SSL_IAM_PORT; await start_server_and_cert(SERVICES_TYPES_ENUM.S3, init_request_sdk, diff --git a/src/endpoint/s3/s3_rest.js b/src/endpoint/s3/s3_rest.js index 48ce6a00b4..e7b2691542 100755 --- a/src/endpoint/s3/s3_rest.js +++ b/src/endpoint/s3/s3_rest.js @@ -96,6 +96,13 @@ async function handle_request(req, res) { error_token_expired: S3Error.ExpiredToken, auth_token: () => signature_utils.make_auth_token_from_request(req) }; + // AWS s3 returns an empty response when s3 request sends without host header. + if (!req.headers.host) { + dbg.warn('s3_rest: handle_request: S3 request is missing host header, header ', req.headers); + res.statusCode = 400; + res.end(); + return; + } http_utils.check_headers(req, headers_options); const redirect = await populate_request_additional_info_or_redirect(req); @@ -112,7 +119,7 @@ async function handle_request(req, res) { http_utils.set_cors_headers_s3(req, res, cors); if (req.method === 'OPTIONS') { - dbg.log1('OPTIONS!'); + dbg.log1('s3_rest: handle_request : S3 request method is ', req.method); const error_code = req.headers.origin && req.headers['access-control-request-method'] ? 403 : 400; const res_headers = res.getHeaders(); // We will check if we found a matching rule - if no we will return error_code res.statusCode = res_headers['access-control-allow-origin'] && res_headers['access-control-allow-methods'] ? 200 : error_code;