Closed j0nm1 closed 2 years ago
Hello,
I see the misunderstanding here. The behaviour is "normal". I will explain why:
The folder list template is used only when the listing is performed with success.
A solution to make it work is to change your policy to add the s3:ListBucket action, and you will have to create a new template for your 403 error. The default one you are trying to use has an error field as a required parameter and this won't be present. You can copy-paste the forbidden template without the ".Error" part.
Regards,
Oxyno-zeta
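Why a forbidden template copied unchanged into the folder-list slot fails, as an added example that is not part of this thread or of s3-proxy's own code: a Go template that references a field absent from its data errors at render time. The `folderListData` struct and both template strings are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// folderListData is a hypothetical stand-in for the data handed to the
// folder-list template. It deliberately has no Error field.
type folderListData struct {
	BucketName string
	Path       string
}

// Constructed templates: the first mirrors a forbidden page that prints
// .Error, the second is the same page with the ".Error" part removed.
const withError = `<h1>Forbidden</h1><p>{{ .Error }}</p>`
const withoutError = `<h1>Forbidden</h1><p>Access to this folder is denied.</p>`

// render executes src against folder-list data and returns the output.
// On any parse or execution error it returns an empty string and the error.
func render(src string) (string, error) {
	tpl, err := template.New("folder-list").Parse(src)
	if err != nil {
		return "", err
	}
	data := folderListData{BucketName: "example-bucket", Path: "/docs/"}
	var buf bytes.Buffer
	if err := tpl.Execute(&buf, data); err != nil {
		// A missing struct field is an execution error, not an empty value.
		return "", err
	}
	return buf.String(), nil
}

func main() {
	_, err := render(withError)
	fmt.Println("copied as-is:", err)
	out, err := render(withoutError)
	fmt.Println("without .Error:", out, err)
}
```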
Wouldn't it be possible to disable the listing functionality entirely? I think adding ListBucket permissions isn't that great because the application shouldn't be able to perform this operation.
Hello @j0nm1,
I'm afraid not for the moment. The solution listed above is the required one to have it working like you expect. Maybe in the future. By the way, if I make a "disable listing" flag, this will probably fall back on file stream which will respond with a 404 not found. Will this be OK?
Edit: that will completely disable the index document feature.
Regards,
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days
Hi, I'm trying to disable the folder list page (index). But as there is no direct way, I'm overriding the template as described here: https://github.com/oxyno-zeta/s3-proxy/issues/237. But this seems not to work as expected.
Describe the bug
When using an access token that only has the permissions "s3:GetObject" it seems to be impossible to disable the folder-list page without overriding the internal-server-error template as well. The proxy application will receive a 403 when trying to receive the list of folders (even if the template does not require it). This leads to the internal server error page even when replacing the folder-list template.

To Reproduce
Steps to reproduce the behavior:
list-folder page (as I want to disable the access to the folders):
folder-list page you will receive an internal server error page instead of the expected access-denied page.

Expected behavior
The folder-list page returns the access-denied template (or there is a way to disable the listing entirely).