From 7f40c9600a2e5b012f13a7016b6233686dcd54fa Mon Sep 17 00:00:00 2001 From: Bharanee Rathna Date: Fri, 1 Mar 2019 16:42:12 +1100 Subject: [PATCH 1/3] Avoid using bucket_name.host if host is overriden. This prevents signed url generation with CNAME pointing to the bucket. --- lib/fog/aws/storage.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fog/aws/storage.rb b/lib/fog/aws/storage.rb index 08312d3de..2e2ef9a51 100644 --- a/lib/fog/aws/storage.rb +++ b/lib/fog/aws/storage.rb @@ -292,7 +292,7 @@ module Fog if path_style path = bucket_to_path bucket_name, path else - host = [bucket_name, host].join('.') + host = [bucket_name, host].join('.') unless params[:host] end end end From aacb0a39a162b6a6a1345828a73554e22d369b82 Mon Sep 17 00:00:00 2001 From: Bharanee Rathna Date: Sun, 3 Mar 2019 11:11:55 +1100 Subject: [PATCH 2/3] S3: add virtual_host and cname options. Call url() with `virtual_host: true` and optionally `cname: ` to generate signed url for an object. --- lib/fog/aws/storage.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/fog/aws/storage.rb b/lib/fog/aws/storage.rb index 2e2ef9a51..46f698131 100644 --- a/lib/fog/aws/storage.rb +++ b/lib/fog/aws/storage.rb @@ -289,10 +289,14 @@ module Fog end end - if path_style + # uses the bucket name as host if `virtual_host: true`, you can also + # manually specify the cname if required. + if params[:virtual_host] + host = params.fetch(:cname, bucket_name) + elsif path_style path = bucket_to_path bucket_name, path else - host = [bucket_name, host].join('.') unless params[:host] + host = [bucket_name, host].join('.') end end end From 268d772166086667370b4623c92e2b06769c7464 Mon Sep 17 00:00:00 2001 From: Bharanee Rathna Date: Tue, 5 Mar 2019 11:20:04 +1100 Subject: [PATCH 3/3] whitelist :virtual_host and :cname --- lib/fog/aws/storage.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/fog/aws/storage.rb b/lib/fog/aws/storage.rb index 46f698131..aa2a2d1d7 100644 --- a/lib/fog/aws/storage.rb +++ b/lib/fog/aws/storage.rb @@ -43,7 +43,7 @@ module Fog ] requires :aws_access_key_id, :aws_secret_access_key - recognizes :endpoint, :region, :host, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :path_style, :acceleration, :instrumentor, :instrumentor_name, :aws_signature_version + recognizes :endpoint, :region, :host, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at, :path_style, :acceleration, :instrumentor, :instrumentor_name, :aws_signature_version, :virtual_host, :cname secrets :aws_secret_access_key, :hmac