Share URL Returns 403

[nreisingercres]

NOTE

If this case is urgent, please subscribe to Subnet so that our 24/7 support team may help you faster.

Using the share URL returns a 403

Expected Behavior

The file should download

Current Behavior

The server returns a 403 status code

Possible Solution

Use MINIO_BROWSER_REDIRECT_URL to generate the url

Steps to Reproduce (for bugs)

1. Configure minio to go through a proxy with the console sub path path i.e minio.com/minio/console
2. Create a share url
3. Try to go to the share url
4. note the error
5. add the sub path i.e. /minio/console
6. Note it works

Context

Trying to use curl to download a file

Regression

Your Environment

• MinIO version used (minio --version): RELEASE.2024-05-01T01-11-10Z
• Server setup and configuration:
• Operating System and version (uname -a):

[prakashsvmx]

MINIO_BROWSER_REDIRECT_URL is not for share url. May be you are looking for MINIO_SERVER_URL

[nreisingercres]

If so that would be very confusing as to why my work around works.

I have MINIO_SERVER_URL set to the minio server without the sub path for the console.
(the redacted part is the same on both)

MINIO_SERVER_URL: https://minio.<redacted>.com/
MINIO_BROWSER_REDIRECT_URL: https://minio.<redacted>.com/minio/console/

When I take the share url and manually add /minio/console/ it works. It appears that the API api/v1/download-shared-object is on the console not the main minio server.

[prakashsvmx]

#3284 when I checked the Sub path also worked fine.

[nreisingercres]

#3284 when I checked the Sub path also worked fine.

Interesting, do I possibly have something misconfigured?

I also dug through the code some and found this section. If I'm reading it right, it uses the scheme and the host of the request to generate the url. I don't see it taking into account the path.
https://github.com/minio/console/blob/master/api/user_objects.go#L1104-L1116

[cesnietor]

@nreisingercres Try not defining the trailing slash on the minio_server_url:
e.g.

MINIO_BROWSER_REDIRECT_URL=http://localhost:8000/console/subpath/ 
MINIO_SERVER_URL=http://localhost:9000

[nreisingercres]

@nreisingercres Try not defining the trailing slash on the minio_server_url: e.g.

MINIO_BROWSER_REDIRECT_URL=http://localhost:8000/console/subpath/ 
MINIO_SERVER_URL=http://localhost:9000

Same issue when removing the trailing slash on MINIO_SERVER_URL

It still generates
https://minio.<redacted>.com/api/v1/download-shared-object/ and returns 403 but when I change it to https://minio.<redacted>.com/minio/console/api/v1/download-shared-object/ it works

[cesnietor]

thanks, I'll take a look. I also remember testing with subpath and nginx and worked fine. But will try to reproduce.

[nreisingercres]

thanks, I'll take a look. I also remember testing with subpath and nginx and worked fine. But will try to reproduce.

Thanks, I'm 90% sure the issue is here as getRequestURLWithScheme() uses only r.tls and r.host nothing about the path: https://github.com/minio/console/blob/master/api/user_objects.go#L1104-L1116
I would try to fix it, but I'm unsure how to begin going about getting the sub path

[cesnietor]

I was able to reproduce it, we need to pass the MINIO_BROWSER_REDIRECT_URL from minio to Console cause right now we only pass the subpath here.
And then add it in https://github.com/minio/console/blob/master/api/user_objects.go#L1109