fix(s3): make data integrity protections opt-in

Signed-off-by: Daniel Kesselberg <[email protected]>

Author: kesselb

config/config.sample.php

@@ -1980,6 +1980,12 @@
 			// optional: Maximum number of retry attempts for failed S3 requests
 			// Default: 5
 			'retriesMaxAttempts' => 5,
+			// Data Integrity Protections for Amazon S3 (https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html)
+			// Valid values are "when_required" (default) and "when_supported".
+			// To ensure compatibility with 3rd party S3 implementations, Nextcloud disables it by default. However, if you are
+			// using Amazon S3 (or any other implementation that supports it) we recommend enabling it by using "when_supported".
+			'request_checksum_calculation' => 'when_required',
+			'response_checksum_validation' => 'when_required',
 		],
 	],
 

lib/private/Files/ObjectStore/S3ConnectionTrait.php

@@ -133,10 +133,14 @@ public function getConnection() {
 
 		if (isset($this->params['request_checksum_calculation'])) {
 			$options['request_checksum_calculation'] = $this->params['request_checksum_calculation'];
+		} else {
+			$options['request_checksum_calculation'] = 'when_required';
 		}
 
 		if (isset($this->params['response_checksum_validation'])) {
 			$options['response_checksum_validation'] = $this->params['response_checksum_validation'];
+		} else {
+			$options['response_checksum_validation'] = 'when_required';
 		}
 
 		if ($this->getProxy()) {