fix(s3): make data integrity protections opt-in

Signed-off-by: Daniel Kesselberg <[email protected]>

Author: kesselb

config/config.sample.php

@@ -1918,6 +1918,12 @@
 		// optional: Maximum number of retry attempts for failed S3 requests
 		// Default: 5
 		'retriesMaxAttempts' => 5,
+		// Data Integrity Protections for Amazon S3 (https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html)
+		// Valid values are "when_required" (default) and "when_supported".
+		// To ensure compatibility with 3rd party S3 implementations, Nextcloud disables it by default. However, if you are
+		// using Amazon S3 (or any other implementation that supports it) we recommend enabling it by using "when_supported".
+		'request_checksum_calculation' => 'when_required',
+		'response_checksum_validation' => 'when_required',
 	],
 ],
 

lib/private/Files/ObjectStore/S3ConnectionTrait.php

@@ -128,10 +128,14 @@ public function getConnection() {
 
 		if (isset($this->params['request_checksum_calculation'])) {
 			$options['request_checksum_calculation'] = $this->params['request_checksum_calculation'];
+		} else {
+			$options['request_checksum_calculation'] = 'when_required';
 		}
 
 		if (isset($this->params['response_checksum_validation'])) {
 			$options['response_checksum_validation'] = $this->params['response_checksum_validation'];
+		} else {
+			$options['response_checksum_validation'] = 'when_required';
 		}
 
 		if ($this->getProxy()) {