All Products
Search
Document Center

How to handle common errors when the PostObject operation is called

Last Updated: Jul 30, 2021

Overview

This article describes the common errors that occur when the PostObject operation is called and their solutions.

Description

If an error occurs when you call the PostObject operation, make sure that the parameters are correctly configured. For more information, see PostObject. If the error persists, see the following content:

PostObject common errors

Error Cause Solution
ErrorCode: MalformedPOSTRequest ErrorMessage: The body of your POST request is not well-formed multipart/form-data The form field format is invalid. For more information about the form field format, see PostObject form field format.
ErrorCode: InvalidAccessKeyId ErrorMessage: The OSS Access Key Id you provided does not exist in our records. The AccessKey ID is invalid or does not exist, the AccessKey ID of the temporary user expires, or the temporary user does not provide a Security Token Service (STS) token. For more information, see How to troubleshoot 403 status code when you access OSS.
ErrorCode: AccessDenied ErrorMessage: Invalid according to Policy: Policy expired. The expiration value is exceeded due to system time inconsistencies, which causes the policy to expire. Adjust expiration in the policy. Take note of the format of the expiration time, which in GMT and follows the ISO 8601 standard. For more information, see ISO 8601 GMT.
ErrorCode: AccessDenied ErrorMessage: SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your key and signing method. The signature is incorrect. For more information about the correct signing method, see PostObject signature.
ErrorCode: InvalidPolicyDocument ErrorMessage: Invalid Policy: Invalid Simple-Condition: Simple-Conditions must have exactly one property specified. Policy in the request does not contain conditions. For more information about the format of the policy, see PostObject policy format.
ErrorCode: InvalidPolicyDocument ErrorMessage: Invalid Policy: Invalid JSON: unknown char e The Policy format in the request is invalid. Check whether quotation marks (") are missing, or whether backslashes (\) are missing before the escape characters in the policy.
ErrorCode: InvalidPolicyDocument ErrorMessage: Invalid Policy: Invalid JSON: , or ] expected The Policy format in the request is incorrect. Check whether commas (,) or right brackets (]) are missing in the policy.
ErrorCode: AccessDenied ErrorMessage: Invalid according to Policy: Policy Condition failed: ["starts-with", "$key", "user/eric/"] The Key specified in the request does not match what the Policy specifies. Check the value of the form field Key in the request.
ErrorCode: AccessDenied ErrorMessage: Invalid according to Policy: Policy Condition failed: ["eq", "$bucket", "mingdi-bjx"] The bucket specified in the request does not match what the Policy specifies. Check the value of Bucket in the endpoint.
ErrorCode: AccessDenied ErrorMessage: Invalid according to Policy: Policy Condition failed: ["starts-with", "$x-oss-meta-prop", "prop-"] The object metadata x-oss-meta-prop does not match what the policy specifies. Check the value of x-oss-meta-prop in the request.
ErrorCode: AccessDenied ErrorMessage: Invalid according to Policy: Policy Condition failed: ["eq", "${field}", "${value}"] The {field} value specified in the form field does not match the value specified in Policy, or the {field} value is not specified in the request. Check the value of {field} in the request.
ErrorCode: AccessDenied ErrorMessage: You have no right to access this object because of bucket acl. The current user does not have permissions. See How to trouble OSS common permissions errors.
ErrorCode: InvalidArgument ErrorMessage: The bucket POST must contain the specified 'key'. If it is specified, please check the order of the fields Key is not specified in the form field, or Key is specified after the file form field. Add the Key form field or adjust the sequence.

PostObject FAQ

Question

Solution

How to specify a key

A key is an object name. The following example demonstrates how to specify a form field key:

Content-Disposition: form-data; name="key"
{key}
--9431149156168
How to specify the content of an object

The following example demonstrates how to specify the content of an object in the file form field :

Content-Disposition: form-data; name="file"; filename="images.png"
Content-Type: image/png
{file-content}
--9431149156168

Note:

  • The file form field must be the last field in the form. In other words, the file form field must be specified after all other form fields.
  • filename is not the object name but the name of the uploaded local file.
How to specify the content-type of the object

The type of the object is the content type specified in the file form field, instead of the content type specified in Header. Example:

Content-Disposition: form-data; name="file"; filename="images.png"
Content-Type: image/png
{file-content}
--9431149156168
How to specify MD5 verification for the content of the object

Specify Content-MD5 in the request headers of the PostObject operation. The MD5 hash is that of the complete body, which is the MD5 hash of all form fields. The following code shows an example of request headers:

POST / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.6)
Content-Type: multipart/form-data; boundary=9431149156168
Content-MD5: tdqHe4hT/TuKb7Y4by+nJg==
Host: mingdi-hz.oss-cn-hangzhou.aliyuncs.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 5246
--9431149156168
How to specify a signature

For more information about how a signature is calculated, see PostObject signature. A signature is included in the Signature form field.

How to perform the PostObject operation by using an STS token of a temporary user

The AccessKey ID and AccessKey secret of a temporary user are used in the same way as those of an Alibaba Cloud account or a RAM user. The token is included in the x-oss-security-token form field. Example:

Content-Disposition: form-data; name="Signature"
5L0+KaeugxYygfqWLJLoy0ehOmA=
--9431149156168
Content-Disposition: form-data; name="x-oss-security-token"
{Token}
--9431149156168
Note: For more information about access control, see What is RAM?.
How to implement upload callback

You can use the callback form field to implement upload callback. Example:

Content-Disposition: form-data; name="callback"
eyJjYWxsYmFja0JvZHlUeXBlIjogImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIsICJjYWxsYmFja0JvZHkiOiAiZmlsZW5hbWU9JHtvYmplY3R9JnNpemU9JHtzaXplfSZtaW1lVHlwZT0ke21pbWVUeXBlfSIsICJjYWxsYmFja1VybCI6ICJodHRwOi8vb3NzLWRlbW8uYWxpeXVuY3MuY29tOjIzNDUwIn0=
--9431149156168

The custom parameters of callback are included in the form field. Example:

Content-Disposition: form-data; name="x:var1"
{var1-value}
--9431149156168
Note: For more information about the Callback operation, see Callback.
How to specify Content-Transfer-Encoding

Specify Content-Transfer-Encoding in the file form field. The following code shows an example of the file form field.

Content-Disposition: form-data; name="file"; filename="images.png"
Content-Type: image/png
Content-Transfer-Encoding: base64
{file-content}
--9431149156168
How to specify user metadata

Specify user metadata by using a form field. Example:

Content-Disposition: form-data; name="x-oss-meta-uuid"
{uuid}
--9431149156168
Content-Disposition: form-data; name="x-oss-meta-tag"
{tag}
--9431149156168
Note: For more information about object metadata, see Manage object metadata.
How to specify conditions such as expiration, keys, buckets, sizes, and headers

The PostObject operation in Object Storage Service (OSS) allows you to configure various conditions, which meets the requirements for high security. Conditions can be specified by using the policy form field. For more information, see "PostObject policy format". The following code shows an example on a policy:

{
    "expiration": "2018-01-01T12:00:00.000Z",
    "conditions": [
        ["eq", "[$Bucket]", "md-hz"],
        ["starts-with", "[$Key]", "md/conf/"],
        ["content-length-range", 0, 104857600]
    ]
}

The following content is the conditions configured for the PostObject operation in the preceding example:

  • [$Bucket] must be set to md-hz.
  • The [$Key] value must start with md/conf/.
  • The size of the uploaded object must be smaller than 100 MB.
  • The request must be sent before 2018-01-01T12:00:00.000Z.
How to specify HTTP headers such as Cache-Control, Content-Type, Content-Disposition, Content-Encoding, and Expires

You must specify HTTP headers such as Cache-Control Content-Type, Content-Disposition, Content-Encoding, and Expires in form fields. For more information about the HTTP headers, visit RFC 2616. However, Content-MD5 must be specified in the Post header.

PostObject examples

PostObject form field format

  • Take note of the following content when you send a PostObject request:
    • The header of the request must contain Content-Type: multipart/form-data; boundary={boundary}.
    • The request header and body are separated by \r\n--{boundary}.
    • The following code shows the form field format:
      Content-Disposition: form-data;
              name="{key}"\r\n\r\n{value}\r\n--{boundary}
    • The names of form fields are case-sensitive, such as Policy, Key, file, OSSAccessKeyId, OSSAccessKeySecret, and Content-Disposition.
      Note: The file form field must be the last form field.
      When the access control list (ACL) of a bucket is public-read-write, you do not have to specify the form fields OSSAccessKeyId, policy, or Signature. If one of OSSAccessKeyId, policy, and Signature is specified, the other two form fields must be specified no matter whether the ACL of the bucket is public read/write.
  • The following code shows an example on a PostObject request:
    POST / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.6)
    Content-Type: multipart/form-data; boundary=9431149156168
    Host: mingdi-hz.oss-cn-hangzhou.aliyuncs.com
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive
    Content-Length: 5052
    --9431149156168
    Content-Disposition: form-data; name="key"
    test-key
    --9431149156168
    Content-Disposition: form-data; name="Content-Disposition"
    attachment;filename=D:\img\1.png
    --9431149156168
    Content-Disposition: form-data; name="OSSAccessKeyId"
    2NeL********j2
    Note:
    • In the preceding sample request, \r\n shows a new line, which is a line feed. This applies to the following sample requests.
    • The preceding sample request is incomplete. For the complete sample request, see PostObject.
  • For more information about the PostObject request, refer to the sample code used by OSS SDKs for the following programming languages:

PostObject policy format

  • The Policy form field of a PostObject request is used to verify the validity of the request and declares the conditions that the request must meet. The following content is the conditions:
    • UTF-8 JSON text must be encoded with Base64 before the text is passed into the policy form field.
    • The policy must contain expiration and conditions. Conditions must contain at least one item.
  • The following code shows an example of the policy before the policy is encoded with Base64. expiration specifies the expiration time of the request, which in GMT and follows the ISO 8601 standard. For example, 2018-01-01T12:00:00.000Z specifies that the request must be sent before 12:00:00 January 1, 2018.
    {
      "expiration": "2018-01-01T12:00:00.000Z",
      "conditions": [
          ["content-length-range", 0, 104857600]
      ]
    }
  • The following table describes the conditions that the POST policy supports.
    Condition Description Example
    Bucket The name of the bucket to which the object is uploaded. Exact match is supported. {"bucket": "johnsmith" } or ["eq", "$bucket", "johnsmith"]
    Key The name of the uploaded object. Exact match and prefix match are supported. ["starts-with", "$key", "user/etc/"]
    content-length-range The maximum and minimum allowed sizes of the uploaded object. ["content-length-range", 0, 104857600]
    x-oss-meta-* The specified object metadata. Exact match and prefix match are supported. ["starts-with", "$x-oss-meta-prop", "prop-"]
    success_action_redirect The redirection URL after a successful upload. Exact match and prefix match are supported. ["starts-with", "$success_action_redirect", "http://www.aliyun.com"]
    success_action_status The returned status code after a successful upload if success_action_redirect is not specified. Exact match and prefix match are supported. ["eq", "$success_action_status", "204"]
    Cache-Control, Content-Type, Content-Disposition, Content-Encoding, and Expires The HTTP headers passed as form fields. Exact match and prefix match are supported. ["eq", "$Content-Encoding", "ZLIB"]
  • The Post policy supports the following escape characters. Escape characters begin with a backslash (\) .
    Escape character Description
    \/ Slash
    \ Backslash
    \" Double quotation mark
    \$ Dollar sign
    \b Blank
    \f Form feed
    \n Line feed
    \r Enter
    \t Horizontal tab
    \uxxxx Unicode character
  • For more information about PostPolicy, see Post Policy.

PostObject signature

  • For a POST request to be verified, the request must include the AccessKeyID, policy, and signature form fields. To calculate a signature, perform the following steps:
    • Create a policy encoded with UTF-8.
    • Encode the policy with base64. The result is the value to be populated into the policy form field. This value is used as the string-to-sign.
    • Sign the string by using AccessKeySecret. Specifically, hash the string by using hmac-sha1 and then encode the hashed string with Base64. The signature method is the same as that for Header Signature. Example:
      Signature = base64(hmac-sha1(AccessKeySecret, base64(policy)))
      Specify the calculated signature in the Signature form field. Example:
      Content-Disposition: form-data; name="Signature"
      {signature}
      --9431149156168
  • If you have questions, see the sample code:

PostObject introduction

You can call the PostObject operation to upload an object to a specified bucket by using an HTML form. The message body of a PostObject request is encoded in the multipart/form-data format. In PostObject operations, parameters are passed as form fields in the request message body, whereas parameters are passed as HTTP request headers in PutObject operations. For more information, see RFC 2388. A PostObject message consists of a header and a body. The request header and the body are separated by \r\n--{boundary}. The body consists of a series of form fields in the following format:

Content-Disposition: form-data; name="{key}"\r\n\r\n{value}\r\n--{boundary}

Common headers include Host, User-Agent, Content-Length, Content-Type, and Content-MD5 . Form fields include key, OSSAccessKeyId, Signature, Content-Disposition, object meta (x-oss-meta-*), x-oss-security-token, other HTTP headers (Cache-Control/Content-Type/Cache-Control/Content-Type/Content-Disposition/Content-Encoding/Expires/Content-Encoding/Expires), and file. The last form field must be file. For more information, see PostObject.

References

Application scope

  • OSS