S3 read path (handlers/mod.rs):
- Add Last-Modified + x-amz-meta-* to Range 206 responses
- Add x-amz-server-side-encryption to HEAD/?partNumber= responses
- 304 Not Modified now carries ETag, Last-Modified, version-id, cache headers
- Treat If-Match/If-Unmodified-Since and If-None-Match/If-Modified-Since
as RFC-9110 pairs on both GET and CopyObject (date header ignored when
ETag header is present)
Website hosting (middleware/auth.rs):
- Add ETag, Last-Modified, x-amz-server-side-encryption, and x-amz-meta-*
to website HEAD/200/206 responses so CDN cachers can revalidate
Replication (services/replication.rs, services/s3_client.rs,
middleware/auth.rs, services/site_registry.rs):
- Detect replicated incoming writes via the authenticated principal's
access key against the site registry's peer_inbound_access_key set.
The auth middleware inserts a ReplicationPeerRequest extension marker
on matched requests; handlers skip trigger_replication when set.
Replaces a forgeable User-Agent substring check.
- Replication retry preflight now probes HeadBucket on the actual target
bucket (not ListBuckets) and treats any HTTP response as reachable, so
bucket-scoped credentials no longer block valid retries
- Populate ReplicationFailure.last_error_code from SdkError metadata
- Health probes use a max_attempts=1 client (fast-fail) rather than the
production retry budget
kqjy
4d923df16c