Problem description
The additional headers in the signed URL contain headers that do not exist in the request headers of a request.
Causes
A signed URL is used to send a request, but the x-oss-additional-headers header that specifies a list of request headers contains headers that do not exist in the request headers, or a header contains underscores (_).
Examples
In the following request, the range header of the x-oss-additional-headers header does not exist in the request headers.
GET /test.txt?x-oss-signature-version=OSS2&x-oss-additional-headers=host;range&x-oss-access-key-id=44CF9***&x-oss-expires=1475462111&x-oss-signature=abc*** HTTP/1.0
Date: Tue, 20 Dec 2022 08:48:18 GMT
Host: oss-example.oss-cn-hangzhou.aliyuncs.comSolutions
Make sure that the value of the
x-oss-additional-headersheader does not contain underscores (_).Delete the range header from the
x-oss-additional-headersheader.GET /test.txt?x-oss-signature-version=OSS2&x-oss-additional-headers=host&x-oss-access-key-id=44CF9***&x-oss-expires=1475462111&x-oss-signature=abc*** HTTP/1.0 Date: Tue, 20 Dec 2022 08:48:18 GMT Host: oss-example.oss-cn-hangzhou.aliyuncs.com
We recommend that you use Alibaba Cloud SDKs to initiate requests. Alibaba Cloud SDKs automatically generate signatures for the requests without the need to manually calculate a signature. For more information, see Overview.
