Bucket location sends UNSIGNED-PAYLOAD with https connection (minio#479)

api.go

@@ -589,7 +589,7 @@ func (c Client) newRequest(method string, metadata requestMetadata) (req *http.R
 		// set sha256 sum for signature calculation only with
 		// signature version '4'.
 		if c.signature.isV4() {
-			shaHeader := "UNSIGNED-PAYLOAD"
+			shaHeader := unsignedPayload
 			if !c.secure {
 				if metadata.contentSHA256Bytes == nil {
 					shaHeader = hex.EncodeToString(sum256([]byte{}))

bucket-cache.go

@@ -165,7 +165,13 @@ func (c Client) getBucketLocationRequest(bucketName string) (*http.Request, erro
 
 	// Set sha256 sum for signature calculation only with signature version '4'.
 	if c.signature.isV4() {
-		req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{})))
+		var contentSha256 string
+		if c.secure {
+			contentSha256 = unsignedPayload
+		} else {
+			contentSha256 = hex.EncodeToString(sum256([]byte{}))
+		}
+		req.Header.Set("X-Amz-Content-Sha256", contentSha256)
 	}
 
 	// Sign the request.

constants.go

@@ -40,3 +40,7 @@ const maxMultipartPutObjectSize = 1024 * 1024 * 1024 * 1024 * 5
 // optimalReadBufferSize - optimal buffer 5MiB used for reading
 // through Read operation.
 const optimalReadBufferSize = 1024 * 1024 * 5
+
+// unsignedPayload - value to be set to X-Amz-Content-Sha256 header when
+// we don't want to sign the request payload
+const unsignedPayload = "UNSIGNED-PAYLOAD"

request-signature-v4.go

@@ -113,7 +113,7 @@ func getHashedPayload(req http.Request) string {
 	hashedPayload := req.Header.Get("X-Amz-Content-Sha256")
 	if hashedPayload == "" {
 		// Presign does not have a payload, use S3 recommended value.
-		hashedPayload = "UNSIGNED-PAYLOAD"
+		hashedPayload = unsignedPayload
 	}
 	return hashedPayload
 }