@Kota I want the explicit error because if someone is trying to make a dlo via tempurl they are either
a) trying to validate this security hole and they will know they are patched/hozed by the 400
b) trying to use this vulnerability as a make shift temporary-large-object-upload feature and should be told explicitly that we have broken this workflow because it was not safe and they will need to force us to implement some support for this use case (probably via for tempurl signatures in slo's FWIW).
I retested Kota's patch and I think the only thing that is missing is the Co-Author line ;)
@Kota I want the explicit error because if someone is trying to make a dlo via tempurl they are either
a) trying to validate this security hole and they will know they are patched/hozed by the 400
b) trying to use this vulnerability as a make shift temporary- large-object- upload feature and should be told explicitly that we have broken this workflow because it was not safe and they will need to force us to implement some support for this use case (probably via for tempurl signatures in slo's FWIW).
I retested Kota's patch and I think the only thing that is missing is the Co-Author line ;)