supabase / storage

76%

master: 82%

LAST BUILD ON BRANCH fix/validate-s3-headers-before-sending

branch: fix/validate-s3-headers-before-sending

CHANGE BRANCH

x

Reset

• fix/validate-s3-headers-before-sending
• admin-features
• admin/reconcile-orphan-objects
• auth/crypto
• bs/tmp
• build/v1.0.1
• build/v1.13.4
• chore-review-actions
• chore/bump-axios-to-190
• chore/bump-fastify-multipart-patch-version
• chore/bump-form-data-404-and-esbuild-0250-versions
• chore/improve-folder-structure
• chore/improve-storage-errors
• chore/improvements
• chore/remove-request-info-logs
• chore/self-serve-hardening
• chore/tests
• chore/update-pino-logflare
• chore/update-tests-fix-coverage
• chore/use-single-s3-client
• ci/automatic-cli-pr
• ci/fix-mirror-images
• ci/pr-target
• concurreny
• da/ssl-hostname-verification
• db/propagate-transaction-error-edge-case
• dep/axios-1.6.8
• dependabot/npm_and_yarn/aws-sdk/s3-request-presigner-3.1024.0
• dependabot/npm_and_yarn/fastify/otel-0.18.1
• dependabot/npm_and_yarn/ip-address-10.1.0
• dependabot/npm_and_yarn/jose-6.2.2
• dependabot/npm_and_yarn/npm_and_yarn-580a7c2f10
• dependabot/npm_and_yarn/npm_and_yarn-94be095972
• dependabot/npm_and_yarn/opentelemetry/instrumentation-knex-0.58.0
• dependabot/npm_and_yarn/opentelemetry/sdk-metrics-2.6.1
• dependabot/npm_and_yarn/platformatic/node-3.50.0
• dependabot/npm_and_yarn/smithy/node-http-handler-4.5.2
• deps/bump-axios
• deps/bump-security-1
• deps/cross-spawn-update
• docker/fix-imgproxy-path
• etienne/sec-389-buckets-with-trailing-whitespace-cannot-be-deleted-in
• etienne/sec-666-pin-all-github-actions-to-full-commit-sha
• etienne/sec-778
• exit-1
• feat/add-queue-health-check-monitor
• feat/add-support-for-sorting-to-list-v2
• feat/add-version-endpoint-to-admin-api
• feat/allow-disabling-s3-protocol
• feat/allow-disabling-specific-events-tenants
• feat/allow-overwrites-when-copy
• feat/buckets-objects-grants-for-postgres
• feat/cpabilities
• feat/custom-metadata
• feat/deprecate-service-and-anon-keys
• feat/docker-compose-example
• feat/feature-flag-freeze-migrations
• feat/gravity
• feat/handle-auth-on-top-level-routes
• feat/iceberg-catalog
• feat/list-objects-v2
• feat/multitenant-db-pool-support
• feat/pre-signed-url-with-storage-jwt-secret
• feat/prevent-direct-sql-deletes-in-storage-schema
• feat/purge-cache-for-object
• feat/rabalancing-pooling
• feat/remove-dependency-on-pg-extensions
• feat/s3-post-form
• feat/s3-protocol-custom-response-header
• feat/signed-upload-url-upsert
• feat/stale-while-revalidate
• feat/standard-upload-limits
• feat/support-x-forwarded-path
• feat/tus-object-id-header
• feat/tus-signed-upload-url-support
• feat/tus-stable-v1
• feat/vector-buckets
• feature/server-timings
• ferhat/abort-controller
• ferhat/admin-handlers-migrations
• ferhat/admin-migration-validation
• ferhat/admin-post-coverage
• ferhat/admin-record-migration
• ferhat/admin-regression-tests
• ferhat/any
• ferhat/async-abort
• ferhat/aws-bump
• ferhat/aws-chunked
• ferhat/blacksmith
• ferhat/bump-target
• ferhat/bump-ts-jest
• ferhat/cache
• ferhat/ci
• ferhat/connection-string
• ferhat/content-type-hook
• ferhat/cooldown
• ferhat/crypto-dep
• ferhat/dash-cache
• ferhat/dashboard-top-panels
• ferhat/decoded-content-length-spoof
• ferhat/deepwiki
• ferhat/delete-bucket-empty-json
• ferhat/delete-tenant-empty-json
• ferhat/delta
• ferhat/deps
• ferhat/drop-fly
• ferhat/empty-bucket-rls
• ferhat/empty-segment-listing
• ferhat/entity-expansion
• ferhat/event-mutation
• ferhat/fastify-5
• ferhat/file-backend-last-mod
• ferhat/file-backend-path-traversal
• ferhat/flaky-abort
• ferhat/fs-extra
• ferhat/glob
• ferhat/harden-coverage
• ferhat/harden-jwk-cache-test
• ferhat/immutable-release
• ferhat/improve-biome
• ferhat/jest-speedup
• ferhat/json-multipart
• ferhat/list-wildcards
• ferhat/lru
• ferhat/md5-multistream
• ferhat/mime
• ferhat/more-rules
• ferhat/move-cleanup
• ferhat/mustache
• ferhat/name
• ferhat/no-unnecessary-conds
• ferhat/no-unused-vars
• ferhat/operation-ergonomics
• ferhat/oriole-vector
• ferhat/orioledb-tests
• ferhat/otel-tracing-endpoint-case
• ferhat/perf-pass
• ferhat/pipethrough
• ferhat/progressive-migrations
• ferhat/prom-exporter
• ferhat/reg1
• ferhat/reg2
• ferhat/reg3
• ferhat/run-migrations
• ferhat/s3-delete-objects
• ferhat/scanner-pagination
• ferhat/security-bumps
• ferhat/shard-stats
• ferhat/sigv4-stream
• ferhat/socket-hang
• ferhat/tenant-config-per-request
• ferhat/tenant-pool-hit-ratio
• ferhat/tenant-pool-logging
• ferhat/tenant-pool-more-metrics
• ferhat/tracing-hidden-metric-pipeline
• ferhat/ts-node-dev
• ferhat/tus-dup
• ferhat/vector-list-pagination
• ferhat/vitest-unit
• ferhat/xml-bump
• ferhat/xml-cve
• files-backend-linux-etag
• fix-migrate
• fix-trigger-update-level
• fix/add-error-callback-for-logs-ingestion
• fix/add-migration-check-on-bucket-create
• fix/add-robots-header
• fix/allow-10000-parts-for-s3
• fix/allow-10000-parts-for-s3-upload
• fix/allow-connect-via-ip-address
• fix/aws-sdk-stream-buffer
• fix/base-migrations
• fix/base64-on-metadata-headers
• fix/bump-storage-version
• fix/check-empty-auth-header
• fix/check-for-public-bucket-on-info-request
• fix/check-local-migrations-in-has-migrations
• fix/ci-ubuntu-version
• fix/cleanup-imports
• fix/content-type-charset
• fix/copy-event
• fix/copy-object-content-type
• fix/copy-object-same-path
• fix/correct-operation-for-auth-render-image
• fix/cusrsor-s3-list-v1
• fix/db-install-roles-default-value
• fix/default-max-file-size-s3-post-upload
• fix/default-queue-env
• fix/deps-upgrade-custom-options
• fix/disable-content-type-parsers
• fix/do-not-drop-column-jwks-on-tenants
• fix/do-not-make-head-call-for-zero-byte-uploads
• fix/do-not-select-redundant-column
• fix/doc-export
• fix/dont-allow-buckets-named-public
• fix/endpoint-cache-control
• fix/env-file-backend-name
• fix/error-code-mismatches
• fix/error-log-edge-case
• fix/exclude-empty-headers-s3
• fix/expose-etag-headers-for-s3-multipart-upload
• fix/filter-namespace-by-bucket
• fix/fix-search-to-return-proper-case
• fix/gracefully-handle-incomplete-multipart-uploads
• fix/grant-to-postgres-with-grant-option
• fix/handle-databse-timeout-errors
• fix/handle-max-clients-error-for-supavisor
• fix/header-validation-always-string
• fix/healthcheck-return-reply
• fix/improve-analytics-buckets
• fix/improve-db-errors
• fix/increase-put-vector-body-limit
• fix/info-headers
• fix/int-overflow-in-size-function
• fix/log-aborted-connections
• fix/merge-tenant-jwks-with-new-jwks-table
• fix/metadata-input-names
• fix/migrate-call
• fix/migration-check
• fix/migration-types-ordering
• fix/new-api-key-suport
• fix/onSend-hook-execution-time
• fix/operation-flag-on-s3-protocol
• fix/optional-queue-params
• fix/orphan-client
• fix/orphan-object-script-fixes
• fix/otel-hook
• fix/pagination-scanner
• fix/part-upload-remove-pipeline
• fix/pass-config-on-signature
• fix/percintile-metrics
• fix/pgboss-exactly-once-queue
• fix/pgboss-on-error-callback
• fix/pgboss-queue-init
• fix/pool-cleanup
• fix/post-tenant-transaction
• fix/prefixes-concurrency-cleanup
• fix/prevent-duplicate-logs
• fix/prevent-path-traversal-outside-of-storage-path
• fix/primary-keys-migration
• fix/proxy-headers-on-protocols
• fix/queue-connection-handling
• fix/queue-fetching-parallel-batches
• fix/refactor-folders
• fix/remove-default-content-range
• fix/return-bucket-id-on-info
• fix/revert-migrate-script-rename
• fix/rls-check-on-move
• fix/run-migrations-after-tenant-creation
• fix/s3-chuncked-upload
• fix/s3-complete-upload-typo
• fix/s3-copy-paste-errors
• fix/s3-count-on-list
• fix/s3-credential-cache-notify-fix
• fix/s3-delete-response
• fix/s3-locker-timing-issue
• fix/s3-object-list-v1-cursor
• fix/s3-object-pagination-with-url-encoding
• fix/safely-handle-concurrent-promise-rejection
• fix/signature-for-strict-clients
• fix/single-migration-strategy
• fix/start-single-migrations
• fix/storage-copy-across-buckets
• fix/storage-encoding-on-copy
• fix/strip-extra-slash-from-tus-path
• fix/support-orioledb-migrations
• fix/switch-from-jsonwebtoken-tojose
• fix/table-exists-check
• fix/tenant-hook-return-reply
• fix/tests
• fix/tus-locker-error-handling
• fix/tus-signed-url-validation
• fix/update-img-proxy-env-to-be-consistent-with-prod
• fix/update-to-fastify-v5
• fix/updating-pool-mode-on-put
• fix/use-handle-missing-metadata-in-file-adapter
• fix/use-original-encoding-header-if-available
• fix/use-pino-file-when-logflare-is-disabled
• fix/use-queue-in-empty-to-delete-objects
• fix/use-s3-compliant-component-encoding
• fix/validate-header
• fix/x-forwarded-port-local
• hf/add-jwks-support
• hf/bump-ci-node
• hf/prevent-role-in-presigned-url
• imgproxy/local-path-file-driver
• improvement/adapter-interface
• ip/logs-batch
• ip/release
• ip/release-2
• kiwicopple-patch-1
• km/feat-eks-cluster-discovery
• lenny/add-ability-to-roll-url-signing-key
• lenny/add-replace-existing-container-script
• lenny/additional-error-normalization
• lenny/bump-tus-storage-version
• lenny/exclude-bucket-type-for-old-storage-py-versions
• lenny/exclude-bucket-type-for-old-storage-py-versions-2
• lenny/fix-add-empty-bucket-lifecycle-logs
• lenny/fix-header-validation-errors
• lenny/fix-open-api-specs
• lenny/fix-orphan-object-scanner
• logs/add-execution-time
• master
• metrics/add-agent-metrics
• migrations/allow-excluding-columns-for-old-migrations
• migrations/optimise-migrations
• migrations/sync-mode
• missing-content-type
• moinitoring/improvement
• monitoring/otel-metrics
• monitoring/stream-monitoring
• monitoring/upload-stream
• multitenant/allow-increase-img-transform-res-per-tenant
• multitenant/migrations-execution
• node24-for-semantic
• observability/delta-metrics
• pcnc/batch-size
• perf/improve-handling-of-request-cancellation
• perf/otel-upgrade-reduce-allocations
• perf/query-cancellation-stricter-timeouts
• perf/search-query-optimized
• pgboss/v10
• process/add-watt-process-runner-support
• rebuild/v.1.11.6
• refs/pull/444/merge
• release/0.48.0
• release/1.8.2
• release/v1.0.10
• revert/fx-attrs-upgrade
• rollback/trigger-prefixes
• s3-protocol/fix-file-driver
• s3/chunked-upload-signature-verification-fix
• s3/consistent-rls-for-session-token
• s3/delete-objects-array-validation
• s3/get-object-tagging-stup
• s3/omit-next-continuation-token-when-empty
• s3/protocol
• s3/signed-urls
• s3/split-clients
• self-hosted/s3-host-url
• self-hosted/storage-public-url
• shutdown/signals
• storage/accept-forwarded-header-for-signature
• storage/authenticated-query-token
• storage/do-not-validate-mime-type-on-empty-folder
• storage/docker-image-deps
• storage/exclude-network-metric
• storage/fix-get-presigned-urls
• storage/handler-on-error-on-client
• storage/improve-upload-performance
• storage/operation
• storage/optimise-metrics
• storage/otel-tracing
• storage/push-latest
• storage/queue-worker-mode
• storage/webhooks-max-http-connections
• tenant/env-for-tenant-sensible-info
• traces/add-more-traces
• traces/custom-spans
• tracing/optional-log-tracing
• tracing/stream-monitoring
• tus/allow-disabling-s3-tags
• tus/dont-cache-metadata
• tus/fix-locker-release
• tus/upgrade-latest
• tyler/STORAGE-258/user-metadata-in-rls
• tyler/STORAGE-292/amend-migrations-to-prevent-crashes
• tyler/chore/pgbouncer-app-name
• tyler/chore/update-pg-applicaition-name
• tyler/feat/add-pagination-get-buckets
• tyler/fix/coveralls-badge
• tyler/refactor/pg-app-name
• upgrade/pg-boss-version

Build # 21623439900

Build Type

Pull #839

github

Committed by web-flow

Commit Message

Merge 976ccfe42 into bfc358208

Pull Request Pull Request #839: fix: do not allow setting invalid header values via S3 response header overrides

Coverage Stats

2117 of 3071 branches covered (68.94%)

Branch coverage included in aggregate %.

17 of 17 new or added lines in 1 file covered. (100.0%)

25914 of 34024 relevant lines covered (76.16%)

94.97 hits per line