All Products
Search

This Product

    Object Storage Service:0002-00000112

    Document Center

    Object Storage Service:0002-00000112

    Last Updated:Apr 07, 2025

    Problem description

    The additional headers in the signed URL contain headers that do not exist in the request headers of a request.

    Causes

    You initiated a request that uses the V2 signature, but the AdditionalHeaders header of the Authorization header contains headers that do not exist in the request headers, or a header contains underscores (_).

    Examples

    The request that you initiated uses the V2 signature, but the value of the AdditionalHeaders header of the Authorization header is invalid.

    *GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host;range,Signature:n7****

    The AdditionalHeaders header of the Authorization header contains a list of headers that are separated by semicolons (;). Each header must appear in the request headers. In the preceding example, the AdditionalHeaders header is set to host;range, but the range header does not exist in the request headers.

    Solutions

    • Make sure that the value of the AdditionalHeaders header does not contain underscores (_).

    • Delete the range header from the AdditionalHeaders header. 

      GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host,Signature:n7I****

    • If you want to set the AdditionalHeaders header to host;range, add the range header to the request. 

      GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Range: 0-2560
Authorization: OSS2 AccessKeyId:LTAI****************,AdditionalHeaders:host,Signature:n7I****

    References

    • For more information about how to use Alibaba Cloud SDKs to initiate a request that uses the V2 signature, see Overview.

    • Use the self-signed mode.

      If the server returns a response that contains the StringToSign parameter, you can check whether the value of the StringToSign parameter on the server is the same as the string before calculation.