mirror of
https://github.com/versity/versitygw.git
synced 2026-01-09 21:07:21 +00:00
ee67b41a98
The HeadObject API states that the x-amz-bucket-region header will still get set for an access denied error to correctly indicate region of bucket. This is needed due to the way polices work across regions in aws, and some apps rely on this behavior. See notes in GetBucketLocation: In a bucket's home Region, calls to the GetBucketLocation operation are governed by the bucket's policy. In other Regions, the bucket policy doesn't apply, which means that cross-account access won't be authorized. However, calls to the HeadBucket operation always return the bucket’s location through an HTTP response header, whether access to the bucket is authorized or not. Therefore, we recommend using the HeadBucket operation for bucket Region discovery and to avoid using the GetBucketLocation operation. Fixes #1500