From b652cc91c677e0c6488c25f46dd6b70f874bf966 Mon Sep 17 00:00:00 2001
From: Will Toozs <william.toozshobson@scality.com>
Date: Tue, 12 Mar 2024 18:24:54 +0100
Subject: [PATCH] alternative ssl check approach proposal

---
 lib/api/apiUtils/authorization/permissionChecks.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/api/apiUtils/authorization/permissionChecks.js b/lib/api/apiUtils/authorization/permissionChecks.js
index 170488b44b..33e029c5c4 100644
--- a/lib/api/apiUtils/authorization/permissionChecks.js
+++ b/lib/api/apiUtils/authorization/permissionChecks.js
@@ -247,10 +247,14 @@ function _checkBucketPolicyConditions(request, conditions, log) {
     if (!conditions) {
         return true;
     }
+    const extractProtoFromHeader = config.requests.extractProtoFromHeader;
+
+    const sslEnabled = (extractProtoFromHeader ?
+        extractProtoFromHeader === 'https' : request.connection.encrypted);
     // build request context from the request!
     const requestContext = new RequestContext(request.headers, request.query,
         request.bucketName, request.objectKey, ip,
-        request.connection.encrypted, request.resourceType, 's3', null, null,
+        sslEnabled, request.resourceType, 's3', null, null,
         null, null, null, null, null, null, null, null, null,
         request.objectLockRetentionDays);
     return evaluators.meetConditions(requestContext, conditions, log);