Problem description
The security token is specified in the URL and headers of a request at the same time.
Causes
The access credentials obtained from STS are used in the request for authentication. The request contains the security-token parameter in the request URL and contains the x-oss-security-token field in request headers.
Examples
The access credentials obtained from STS are used in the request for authentication. However, the security token is specified in the URL and headers of a request at the same time.
GET /oss.jpg?security-token=CAISowJ1q6Ft5B2yfSjIr5bgIOz31blR**** HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Fri, 24 Feb 2012 06:38:30 GMT
Authorization: OSS qn6q**************:77Dv****************
x-oss-security-token: CAISowJ1q6Ft5B2yfSjIr5bgIOz31blR****Solutions
Delete the security-token parameter in the request URL and specify the security token only by configuring the x-oss-security-token header field.
GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Fri, 24 Feb 2012 06:38:30 GMT
Authorization: OSS qn6q**************:77Dv****************
x-amz-security-token: CAISowJ1q6Ft5B2yfSjIr5bgIOz31blR****