path: root/swift/common/middleware/s3api/s3request.py
author Tim Burke <tim.burke@gmail.com> 2021-01-08 14:08:08 -0800
committer Alistair Coles <alistairncoles@gmail.com> 2021-01-14 10:40:23 +0000
commit 10d9a737d8d6e5fcc70a0be07df89a1fb57b9739
tree ad067233a4c39720fa0197b7b2899fe57779d0ec /swift/common/middleware/s3api/s3request.py
parent 83233e7b36a451330c18eeefa19cf170eaa49abd
s3api: Make allowable clock skew configurable
While we're at it, make the default match AWS's 15 minute limit (instead of our old 5 minute limit).

UpgradeImpact
=============
This (somewhat) weakens some security protections for requests over the S3 API; operators may want to preserve the prior behavior by setting

    allowable_clock_skew = 300

in the [filter:s3api] section of their proxy-server.conf

Co-Authored-By: Alistair Coles <alistairncoles@gmail.com>
Change-Id: I0da777fcccf056e537b48af4d3277835b265d5c9
Diffstat (limited to 'swift/common/middleware/s3api/s3request.py')
-rw-r--r-- swift/common/middleware/s3api/s3request.py 4
1 files changed, 2 insertions, 2 deletions
diff --git a/swift/common/middleware/s3api/s3request.py b/swift/common/middleware/s3api/s3request.py
index 2147b7e87..8aec3bf6f 100644
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@@ -731,8 +731,8 @@ class S3Request(swob.Request):
# If the standard date is too far ahead or behind, it is an
# error
- delta = 60 * 5
- if abs(int(self.timestamp) - int(S3Timestamp.now())) > delta:
+ delta = abs(int(self.timestamp) - int(S3Timestamp.now()))
+ if delta > self.conf.allowable_clock_skew:
raise RequestTimeTooSkewed()
def _validate_headers(self):
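Review bot: The new comparison `delta > self.conf.allowable_clock_skew` uses the configured value exactly as it arrives, and nothing in this file's hunk shows it being coerced or bounded. This view is limited to s3request.py, so please confirm that the option is parsed as a non-negative integer number of seconds where the s3api config is loaded, and consider rejecting or warning on implausibly large values at startup: this check is what bounds how long a captured, validly signed request remains replayable, so a mistyped value (for example minutes entered as seconds, or an extra digit) would widen or effectively remove that window without any visible error. A smaller point: `delta` previously held the limit and now holds the measured difference; a name such as `skew` would keep readers of the surrounding code from misreading it. Since the default moves from 300 to 900 seconds, a test asserting that a request just past the configured limit still raises `RequestTimeTooSkewed` at both values would guard the behaviour operators are told they can preserve.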