Skip to content

Commit

Permalink
Return nil if both :endpoint given and :fog_aws_fips=true
Browse files Browse the repository at this point in the history
public_url returns a path-based URL when :endpoint is given.  AWS FIPS
endpoints only work with virtual host-style URLs per
https://aws.amazon.com/compliance/fips/

Add a warning and return nil if both :endpoint is given and
:fog_aws_fips=true.

Add tests for :endpoint for both :fog_aws_fips=false (default) and
true.
  • Loading branch information
matt-domsch-sp committed Nov 28, 2024
1 parent ccd6603 commit fc03508
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 1 deletion.
6 changes: 5 additions & 1 deletion lib/carrierwave/storage/fog.rb
Original file line number Diff line number Diff line change
Expand Up @@ -376,7 +376,11 @@ def public_url
when 'AWS'
# check if some endpoint is set in fog_credentials
if @uploader.fog_credentials.has_key?(:endpoint)
"#{@uploader.fog_credentials[:endpoint]}/#{@uploader.fog_directory}/#{encoded_path}"
if !@uploader.fog_aws_fips
"#{@uploader.fog_credentials[:endpoint]}/#{@uploader.fog_directory}/#{encoded_path}"
else
warn 'Use of options :endpoint and :fog_aws_fips=true together will fail, as FIPS endpoints do not support path-style URLs.'
nil
else
protocol = @uploader.fog_use_ssl_for_aws ? "https" : "http"

Expand Down
14 changes: 14 additions & 0 deletions spec/storage/fog_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -504,6 +504,20 @@ def check_file
expect(@fog_file.public_url).to include("https://#{CARRIERWAVE_DIRECTORY}.s3-accelerate.amazonaws.com")
end

it 'returns endpoint+bucket when :endpoint and !:fog_aws_fips' do
allow(@uploader).to receive(:endpoint).and_return('https://custom-endpoint.example.com')
allow(@uploader).to receive(:fog_directory).and_return('SiteAssets')
allow(@uploader).to receive(:fog_aws_fips).and_return(false)
expect(@fog_file.url).to include('https://custom-endpoint.example.com/SiteAssets')
end

it 'returns nil when both :endpoint and :fog_aws_fips=true' do
allow(@uploader).to receive(:endpoint).and_return('https://custom-endpoint.example.com')
allow(@uploader).to receive(:fog_directory).and_return('SiteAssets')
allow(@uploader).to receive(:fog_aws_fips).and_return(true)
expect(@fog_file.url).to be nil
end

context 'when the directory is not a valid subdomain' do
it "should not use a subdomain URL for AWS" do
allow(@uploader).to receive(:fog_directory).and_return('SiteAssets')
Expand Down

0 comments on commit fc03508

Please sign in to comment.