Compare commits
5 Commits
developmen
...
w/8.1/bugf
Author | SHA1 | Date |
---|---|---|
bert-e | 8691bf0f20 | |
bert-e | 8da8d395d9 | |
Will Toozs | 0466eb4d82 | |
Will Toozs | 8edd2f1c0c | |
Will Toozs | 9e3e723fb7 |
|
@ -61,7 +61,7 @@ export function findConditionKey(
|
||||||
case 'aws:referer': return headers.referer;
|
case 'aws:referer': return headers.referer;
|
||||||
// aws:SecureTransport – Used to check whether the request was sent
|
// aws:SecureTransport – Used to check whether the request was sent
|
||||||
// using SSL (see Boolean Condition Operators).
|
// using SSL (see Boolean Condition Operators).
|
||||||
case 'aws:SecureTransport': return requestContext.getSslEnabled() ? 'true' : 'false';
|
case 'aws:SecureTransport': return headers?.['x-forwarded-proto'] === 'https' ? 'true' : 'false';
|
||||||
// aws:SourceArn – Used check the source of the request,
|
// aws:SourceArn – Used check the source of the request,
|
||||||
// using the ARN of the source. N/A here.
|
// using the ARN of the source. N/A here.
|
||||||
case 'aws:SourceArn': return undefined;
|
case 'aws:SourceArn': return undefined;
|
||||||
|
|
|
@ -38,7 +38,7 @@ function findVariable(variable: string, requestContext: RequestContext): string
|
||||||
// aws:SecureTransport is boolean value that represents whether the
|
// aws:SecureTransport is boolean value that represents whether the
|
||||||
// request was sent using SSL
|
// request was sent using SSL
|
||||||
map.set('aws:SecureTransport',
|
map.set('aws:SecureTransport',
|
||||||
requestContext.getSslEnabled() ? 'true' : 'false');
|
headers?.['x-forwarded-proto'] === 'https' ? 'true' : 'false');
|
||||||
// aws:SourceIp is requester's IP address, for use with IP address
|
// aws:SourceIp is requester's IP address, for use with IP address
|
||||||
// conditions
|
// conditions
|
||||||
map.set('aws:SourceIp', requestContext.getRequesterIp());
|
map.set('aws:SourceIp', requestContext.getRequesterIp());
|
||||||
|
|
|
@ -906,7 +906,9 @@ describe('policyEvaluator', () => {
|
||||||
() => {
|
() => {
|
||||||
policy.Statement.Condition = { Bool:
|
policy.Statement.Condition = { Bool:
|
||||||
{ 'aws:SecureTransport': 'true' } };
|
{ 'aws:SecureTransport': 'true' } };
|
||||||
const rcModifiers = { _sslEnabled: false };
|
const rcModifiers = { _headers: {
|
||||||
|
'x-forwarded-proto': 'http',
|
||||||
|
} };
|
||||||
check(requestContext, rcModifiers, policy, 'Neutral');
|
check(requestContext, rcModifiers, policy, 'Neutral');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -915,7 +917,9 @@ describe('policyEvaluator', () => {
|
||||||
() => {
|
() => {
|
||||||
policy.Statement.Condition = { Bool:
|
policy.Statement.Condition = { Bool:
|
||||||
{ 'aws:SecureTransport': 'true' } };
|
{ 'aws:SecureTransport': 'true' } };
|
||||||
const rcModifiers = { _sslEnabled: true };
|
const rcModifiers = { _headers: {
|
||||||
|
'x-forwarded-proto': 'https',
|
||||||
|
} };
|
||||||
check(requestContext, rcModifiers, policy, 'Allow');
|
check(requestContext, rcModifiers, policy, 'Allow');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue