sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(s3): make data integrity protections opt-in 

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
pull/56672/head
Daniel Kesselberg 2025-11-25 18:00:59 +07:00
parent 34c6cb7b2e
commit f977a7fec6
No known key found for this signature in database
GPG Key ID: 4A81C29F63464E8F
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/config.sample.php
Unescape Escape View File

@ -1980,6 +1980,12 @@ $CONFIG = [
// optional: Maximum number of retry attempts for failed S3 requests
// Default: 5
'retriesMaxAttempts' => 5,
// Data Integrity Protections for Amazon S3 (https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html)
// Valid values are "when_required" (default) and "when_supported".
// To ensure compatibility with 3rd party S3 implementations, Nextcloud disables it by default. However, if you are
// using Amazon S3 (or any other implementation that supports it) we recommend enabling it by using "when_supported".
'request_checksum_calculation' => 'when_required',
'response_checksum_validation' => 'when_required',
],
],

4
lib/private/Files/ObjectStore/S3ConnectionTrait.php
Unescape Escape View File

@ -137,10 +137,14 @@ trait S3ConnectionTrait {
if (isset($this->params['request_checksum_calculation'])) {
$options['request_checksum_calculation'] = $this->params['request_checksum_calculation'];
} else {
$options['request_checksum_calculation'] = 'when_required';
}
if (isset($this->params['response_checksum_validation'])) {
$options['response_checksum_validation'] = $this->params['response_checksum_validation'];
} else {
$options['response_checksum_validation'] = 'when_required';
}
if ($this->getProxy()) {