Issue description
The AdditionalHeaders field in the Authorization header contains empty strings.
Cause
You initiate a request that uses the V2 signature. However, empty strings exist in the AdditionalHeaders field of the Authorization header.
Example
The following code provides an example:
GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS2 AccessKeyId:44**07,AdditionalHeaders:host;,Signature:n7***I0=The Authorization header uses a space to separate the signature version and signature information.
Signature version: Only
OSS2is supported.Signature information: The signature information is displayed in the form of key-value pairs (key:value). Separate key-value pairs with commas (,), and separate keys and values with colon (:).
The key of the signature information includes two required fields (
AccessKeyIdandSignature) and one optional field (AdditionalHeaders). In the preceding example, the value of theAdditionalHeadersfield ishost;, which indicates that the first header is host and the second header is an empty string. OSS does not support empty strings in theAdditionalHeadersfield.
Solution
Make sure that the value of the AdditionalHeaders field in the Authorization header in the request that uses V2 signature is correct.
GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS2 AccessKeyId:44**07,AdditionalHeaders:host,Signature:n7I**I0=References
Use Alibaba Cloud SDKs to initiate a request that uses the V2 signature. For more information, see Overview.
Use the self-signed mode.
If you want to calculate the V2 signature, see Calculate V2 signature by using OSS SDK for Python.
If you want to specify the signature logic, see Overview.
If the server returns a response that contains the
StringToSignparameter, you can check whether the value of the StringToSign parameter on the server is the same as the string before calculation.