0002-00000112

Problem description

The additional headers in the signed URL contain headers that do not exist in the request headers of a request.

Causes

You initiated a request that uses the V2 signature, but the AdditionalHeaders header of the Authorization header contains headers that do not exist in the request headers, or a header contains underscores (_).

Examples

The request that you initiated uses the V2 signature, but the value of the AdditionalHeaders header of the Authorization header is invalid.

*GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host;range,Signature:n7****

The AdditionalHeaders header of the Authorization header contains a list of headers that are separated by semicolons (;). Each header must appear in the request headers. In the preceding example, the AdditionalHeaders header is set to host;range, but the range header does not exist in the request headers.

Solutions

• Make sure that the value of the AdditionalHeaders header does not contain underscores (_).

• Delete the range header from the AdditionalHeaders header.

  GET /oss.jpg HTTP/1.1
  Host: oss-example.oss-cn-hangzhou.aliyuncs.com
  Date: Tue, 20 Dec 2022 08:48:18 GMT
  Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host,Signature:n7I****

• If you want to set the AdditionalHeaders header to host;range, add the range header to the request.

  GET /oss.jpg HTTP/1.1
  Host: oss-example.oss-cn-hangzhou.aliyuncs.com
  Date: Tue, 20 Dec 2022 08:48:18 GMT
  Range: 0-2560
  Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host,Signature:n7I****

References

• For more information about how to use Alibaba Cloud SDKs to initiate a request that uses the V2 signature, see Overview.

• Use the self-signed mode.

  • If you want to calculate the V2 signature, see Calculate V2 signature by using OSS SDK for Python.

  • If you want to specify the signature logic, see Initiating RESTful API requests.

  If the server returns a response that contains the StringToSign parameter, you can check whether the value of the StringToSign parameter on the server is the same as the string before calculation.