]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f9a2ec) | patch
rgw: return MalformedXML for empty objects list in DeleteObjects 60579/head
authorSeena Fallah <seenafallah@gmail.com>
Thu, 31 Oct 2024 20:00:17 +0000 (21:00 +0100)
committerSeena Fallah <seenafallah@gmail.com>
Tue, 5 Nov 2024 17:26:58 +0000 (18:26 +0100)
commite4164273cf3bf91b5d431938736739cd132678fb
tree95f872e975e7ee4546ecfd344270005f64c8545atree | snapshot
parent7f9a2ec38f7d4f6d0c8d7698b0b8d4af45f5261bcommit | diff
rgw: return MalformedXML for empty objects list in DeleteObjects

When a request contains an empty list of objects, the current
implementation returns a 200 OK. However, this behavior may raise
security concerns, as it could imply the user has access to the
bucket, even though access policies are only evaluated per object.
To mitigate this risk, returning a 400 Bad Request would be a more
secure approach. This ensures that no assumption is made about the
user’s access to the bucket or its objects. Furthermore, this
adjustment aligns with AWS behavior, enhancing compatibility.

Fixes: https://tracker.ceph.com/issues/68799
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
src/rgw/rgw_op.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.