From c6ec3fdfbaad873834df9ddebec7fa7fe5c125be Mon Sep 17 00:00:00 2001
From: kannappanr <30541348+kannappanr@users.noreply.github.com>
Date: Fri, 26 Oct 2018 18:03:17 -0700
Subject: [PATCH] Return error response header only for HEAD method (#6709)

---
 cmd/generic-handlers.go      |  6 +++++-
 cmd/generic-handlers_test.go | 13 ++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go
index 2b781c74c..f07df2d65 100644
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@@ -783,7 +783,11 @@ type sseTLSHandler struct{ handler http.Handler }
 func (h sseTLSHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Deny SSE-C requests if not made over TLS
 	if !globalIsSSL && (crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header)) {
-		writeErrorResponseHeadersOnly(w, ErrInsecureSSECustomerRequest)
+		if r.Method == http.MethodHead {
+			writeErrorResponseHeadersOnly(w, ErrInsecureSSECustomerRequest)
+		} else {
+			writeErrorResponse(w, ErrInsecureSSECustomerRequest, r.URL)
+		}
 		return
 	}
 	h.handler.ServeHTTP(w, r)
diff --git a/cmd/generic-handlers_test.go b/cmd/generic-handlers_test.go
index b014aa7a6..19e65b2a0 100644
--- a/cmd/generic-handlers_test.go
+++ b/cmd/generic-handlers_test.go
@@ -19,6 +19,7 @@ package cmd
 import (
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"strconv"
 	"testing"
 
@@ -184,14 +185,15 @@ func TestContainsReservedMetadata(t *testing.T) {
 }
 
 var sseTLSHandlerTests = []struct {
+	URL               *url.URL
 	Header            http.Header
 	IsTLS, ShouldFail bool
 }{
-	{Header: http.Header{}, IsTLS: false, ShouldFail: false},                                        // 0
-	{Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: false, ShouldFail: true}, // 1
-	{Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: true, ShouldFail: false}, // 2
-	{Header: http.Header{crypto.SSECKey: []string{""}}, IsTLS: true, ShouldFail: false},             // 3
-	{Header: http.Header{crypto.SSECopyAlgorithm: []string{""}}, IsTLS: false, ShouldFail: true},    // 4
+	{URL: &url.URL{}, Header: http.Header{}, IsTLS: false, ShouldFail: false},                                        // 0
+	{URL: &url.URL{}, Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: false, ShouldFail: true}, // 1
+	{URL: &url.URL{}, Header: http.Header{crypto.SSECAlgorithm: []string{"AES256"}}, IsTLS: true, ShouldFail: false}, // 2
+	{URL: &url.URL{}, Header: http.Header{crypto.SSECKey: []string{""}}, IsTLS: true, ShouldFail: false},             // 3
+	{URL: &url.URL{}, Header: http.Header{crypto.SSECopyAlgorithm: []string{""}}, IsTLS: false, ShouldFail: true},    // 4
 }
 
 func TestSSETLSHandler(t *testing.T) {
@@ -206,6 +208,7 @@ func TestSSETLSHandler(t *testing.T) {
 		w := httptest.NewRecorder()
 		r := new(http.Request)
 		r.Header = test.Header
+		r.URL = test.URL
 
 		h := setSSETLSHandler(okHandler)
 		h.ServeHTTP(w, r)