upd:增加参与签名的headers白名单
livehigh committed Nov 24, 2021
1 parent 483c853 commit 5c9c0f7
Showing 3 changed files with 35 additions and 3 deletions.
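--- a/dist/cos-js-sdk-v5.js
+++ b/dist/cos-js-sdk-v5.js
@@ -123,6 +123,20 @@ var obj2str = function (obj, stayCase) {
 return list.join('&');
 };
 
+// 可以签入签名的headers
+var signHeaders = ['content-disposition', 'content-encoding', 'content-length', 'content-md5', 'expect', 'host', 'if-match', 'if-modified-since', 'if-none-match', 'if-unmodified-since', 'origin', 'range', 'response-cache-control', 'response-content-disposition', 'response-content-encoding', 'response-content-language', 'response-content-type', 'response-expires', 'transfer-encoding', 'versionid'];
+
+var getSignHeaderObj = function (headers) {
+var signHeaderObj = {};
+for (var i in headers) {
+var key = i.toLowerCase();
+if (key.indexOf('x-cos-') > -1 || signHeaders.indexOf(key) > -1) {
+signHeaderObj[i] = headers[i];
+}
+}
+return signHeaderObj;
+};
+
 //测试用的key后面可以去掉
 var getAuth = function (opt) {
 opt = opt || {};
@@ -132,7 +146,7 @@ var getAuth = function (opt) {
 var KeyTime = opt.KeyTime;
 var method = (opt.method || opt.Method || 'get').toLowerCase();
 var queryParams = clone(opt.Query || opt.params || {});
-var headers = clone(opt.Headers || opt.headers || {});
+var headers = getSignHeaderObj(clone(opt.Headers || opt.headers || {}));
 
 var Key = opt.Key || '';
 var pathname;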
2 changes: 1 addition & 1 deletion dist/cos-js-sdk-v5.min.js

Large diffs are not rendered by default.

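--- a/src/util.js
+++ b/src/util.js
@@ -48,6 +48,24 @@ var obj2str = function (obj, stayCase) {
 return list.join('&');
 };
 
+
+// 可以签入签名的headers
+var signHeaders = ['content-disposition', 'content-encoding', 'content-length', 'content-md5',
+'expect', 'host', 'if-match', 'if-modified-since', 'if-none-match', 'if-unmodified-since',
+'origin', 'range', 'response-cache-control', 'response-content-disposition', 'response-content-encoding',
+'response-content-language', 'response-content-type', 'response-expires', 'transfer-encoding', 'versionid'];
+
+var getSignHeaderObj = function (headers) {
+var signHeaderObj = {};
+for (var i in headers) {
+var key = i.toLowerCase();
+if (key.indexOf('x-cos-') > -1 || signHeaders.indexOf(key) > -1) {
+signHeaderObj[i] = headers[i];
+}
+}
+return signHeaderObj;
+}
+
 //测试用的key后面可以去掉
 var getAuth = function (opt) {
 opt = opt || {};
@@ -57,7 +75,7 @@ var getAuth = function (opt) {
 var KeyTime = opt.KeyTime;
 var method = (opt.method || opt.Method || 'get').toLowerCase();
 var queryParams = clone(opt.Query || opt.params || {});
-var headers = clone(opt.Headers || opt.headers || {});
+var headers = getSignHeaderObj(clone(opt.Headers || opt.headers || {}));
 
 var Key = opt.Key || '';
 var pathname;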
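Review bot: In `getSignHeaderObj`, `key.indexOf('x-cos-') > -1` matches `x-cos-` anywhere in the header name rather than only as a prefix, so a name such as `foo-x-cos-bar` (constructed example) is still signed; if the intent is the `x-cos-*` header family, the test should be `key.indexOf('x-cos-') === 0`. The whitelist also means that every other header a caller passes to `getAuth` (for example `content-type`, which is not in `signHeaders`) is now silently left out of the signature and is no longer integrity-protected by it. That trade-off deserves a comment above `signHeaders`, such as `// Headers not listed here (and not x-cos-*) are excluded from the signature and can change without invalidating it`. The same code appears in the `dist/cos-js-sdk-v5.js` section, and `getAuth` continues outside the hunk, so how `headers` is consumed afterwards is not visible here.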
