From 2b60e2abb1dcc0d74c23dcfb8350bff0b9e5ddd8 Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Mon, 31 May 2021 01:03:04 -0700
Subject: [PATCH] only disallow streaming signed when no auth enabled

fix https://github.com/chrislusf/seaweedfs/issues/2101
---
 weed/s3api/s3api_object_handlers.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/weed/s3api/s3api_object_handlers.go b/weed/s3api/s3api_object_handlers.go
index e6140fd1a..17ead05a0 100644
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@@ -63,8 +63,8 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)
 	}
 
 	dataReader := r.Body
+	rAuthType := getRequestAuthType(r)
 	if s3a.iam.isEnabled() {
-		rAuthType := getRequestAuthType(r)
 		var s3ErrCode s3err.ErrorCode
 		switch rAuthType {
 		case authTypeStreamingSigned:
@@ -79,8 +79,7 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)
 			return
 		}
 	} else {
-		rAuthType := getRequestAuthType(r)
-		if authTypeAnonymous != rAuthType {
+		if authTypeStreamingSigned == rAuthType {
 			writeErrorResponse(w, s3err.ErrAuthNotSetup, r.URL)
 			return
 		}