From f977a7fec6cbed12ec8aa6f9689452e98394f427 Mon Sep 17 00:00:00 2001 From: Daniel Kesselberg Date: Tue, 25 Nov 2025 18:00:59 +0100 Subject: [PATCH] fix(s3): make data integrity protections opt-in Signed-off-by: Daniel Kesselberg --- config/config.sample.php | 6 ++++++ lib/private/Files/ObjectStore/S3ConnectionTrait.php | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/config/config.sample.php b/config/config.sample.php index c228febd575..937932933ba 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1980,6 +1980,12 @@ $CONFIG = [ // optional: Maximum number of retry attempts for failed S3 requests // Default: 5 'retriesMaxAttempts' => 5, + // Data Integrity Protections for Amazon S3 (https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html) + // Valid values are "when_required" (default) and "when_supported". + // To ensure compatibility with 3rd party S3 implementations, Nextcloud disables it by default. However, if you are + // using Amazon S3 (or any other implementation that supports it) we recommend enabling it by using "when_supported". + 'request_checksum_calculation' => 'when_required', + 'response_checksum_validation' => 'when_required', ], ], diff --git a/lib/private/Files/ObjectStore/S3ConnectionTrait.php b/lib/private/Files/ObjectStore/S3ConnectionTrait.php index 871273e4a15..48fa8efdec3 100644 --- a/lib/private/Files/ObjectStore/S3ConnectionTrait.php +++ b/lib/private/Files/ObjectStore/S3ConnectionTrait.php @@ -137,10 +137,14 @@ trait S3ConnectionTrait { if (isset($this->params['request_checksum_calculation'])) { $options['request_checksum_calculation'] = $this->params['request_checksum_calculation']; + } else { + $options['request_checksum_calculation'] = 'when_required'; } if (isset($this->params['response_checksum_validation'])) { $options['response_checksum_validation'] = $this->params['response_checksum_validation']; + } else { + $options['response_checksum_validation'] = 'when_required'; } if ($this->getProxy()) {