From 25748dc8ff03a0a1f5e3b4c7d9a1851b2a29e887 Mon Sep 17 00:00:00 2001
From: Liam <byteslice@airmail.cc>
Date: Sat, 17 Aug 2024 17:28:56 -0400
Subject: [PATCH] Fix HEAD requests to s3proxy

---
 docker/web/aws-signature.lua | 2 +-
 docker/web/nginx.conf        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/web/aws-signature.lua b/docker/web/aws-signature.lua
index fae28992..c204cbb6 100644
--- a/docker/web/aws-signature.lua
+++ b/docker/web/aws-signature.lua
@@ -76,7 +76,7 @@ end
 
 local function get_hashed_canonical_request(timestamp, host, uri)
   local digest = get_sha256_digest(ngx.var.request_body)
-  local canonical_request = ngx.var.request_method .. '\n'
+  local canonical_request = ngx.req.get_method() .. '\n'
     .. uri .. '\n'
     .. '\n'
     .. 'host:' .. host .. '\n'
diff --git a/docker/web/nginx.conf b/docker/web/nginx.conf
index 218fe896..73bd5aea 100644
--- a/docker/web/nginx.conf
+++ b/docker/web/nginx.conf
@@ -34,7 +34,7 @@ init_by_lua_block {
 	function sign_aws_request()
 		-- The API token used should not allow writing, but
 		-- sanitize this anyway to stop an upstream error
-		if ngx.req.get_method() ~= 'GET' then
+		if ngx.req.get_method() ~= 'GET' and ngx.req.get_method() ~= 'HEAD' then
 			ngx.status = ngx.HTTP_UNAUTHORIZED
 			ngx.say('Unauthorized')
 			return ngx.exit(ngx.HTTP_UNAUTHORIZED)