Object Storage Service: 0002-00000209

Last Updated: Jul 21, 2023

Issue description

The AdditionalHeaders field in the Authorization request header is left empty.

Causes

You initiated a request that uses the V4 signature, but the AdditionalHeaders field in the Authorization request header is left empty.

Examples

You initiated a request that uses the V4 signature, but the signature information in the Authorization header is invalid.

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

The Authorization header separates the signature version and signature information with a space.

  • Signature version: Only OSS4-HMAC-SHA256 is supported.

  • Signature information: The signature information is displayed in the form of key-value pairs. Separate key-value pairs with commas (,) and connect keys and values with equal signs (=).

    The signature information has two required keys (Credential and Signature) and one optional key (AdditionalHeaders). In the preceding example, the Authorization request header includes all three keys, but the AdditionalHeaders field is left empty.

Solutions

  • The AdditionalHeaders field is optional. If you do not want to add additional request headers to the Authorization request header to calculate the signature, you can delete the field.

  • If you want to add additional request headers to calculate the signature, add the AdditionalHeaders field to the Authorization request header and make sure that the field is correctly specified. The following section describes how to construct the AdditionalHeaders field:

    • All header names in the AdditionalHeaders field must be in lowercase letters.

    • All header names in the AdditionalHeaders field are sorted in alphabetical order.

    • The header names are joined with semicolons (;) to form a single string.

    For example, you want to add the Host and Range headers to the AdditionalHeaders field to calculate the signature. In this case, you must set the AdditionalHeaders field to host;range.

    Make sure that the format of the Authorization header in the request that uses the V4 signature meets the preceding requirements. Example:

    GET /oss.jpg HTTP/1.1
    Host: oss-example.oss-cn-hangzhou.aliyuncs.com
    Date: Tue, 20 Dec 2022 08:48:18 GMT
    Range: 0-2560
    Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host;range,Signature=18**0a
    x-oss-content-sha256: UNSIGNED-PAYLOAD
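The construction rules and the empty-field error described above can be checked before a request is sent. The following Python sketch is an added example, not code from the OSS SDKs or from this page's authors: the function names are hypothetical, the credential and signature are the masked placeholders from the requests above, and computing the signature itself is out of scope.

```python
# Added example; function names are illustrative, not part of any OSS SDK.
SCHEME = "OSS4-HMAC-SHA256"
# Masked placeholder values copied from the requests on this page.
CRED = "AK**ID/20221220/us-east-1/oss/aliyun_v4_request"
SIG = "18**0a"
BAD = SCHEME + " Credential=" + CRED + ",AdditionalHeaders=,Signature=" + SIG

def build_additional_headers(names):
    """Lowercase the header names, sort them, and join them with ';'."""
    return ";".join(sorted(n.strip().lower() for n in names if n.strip()))

def build_authorization(credential, signature, additional=()):
    """Assemble the header value; omit AdditionalHeaders when nothing is listed."""
    parts = ["Credential=" + credential]
    value = build_additional_headers(additional)
    if value:  # never emit "AdditionalHeaders=" with an empty value
        parts.append("AdditionalHeaders=" + value)
    parts.append("Signature=" + signature)
    return SCHEME + " " + ",".join(parts)

def check_authorization(header):
    """Return a list of format problems found in an Authorization header value."""
    problems = []
    scheme, _, info = header.partition(" ")
    if scheme != SCHEME:
        problems.append("unsupported signature version: " + scheme)
    # Split "k=v,k=v" into a dict; partition()[::2] keeps (key, value).
    fields = dict(kv.partition("=")[::2] for kv in info.split(",") if kv)
    for required in ("Credential", "Signature"):
        if not fields.get(required):
            problems.append("missing required field: " + required)
    if "AdditionalHeaders" in fields:
        value = fields["AdditionalHeaders"]
        names = value.split(";")
        if not value:
            problems.append("AdditionalHeaders is present but empty")
        elif value != value.lower():
            problems.append("AdditionalHeaders must be lowercase")
        elif names != sorted(names):
            problems.append("AdditionalHeaders must be sorted alphabetically")
    return problems

if __name__ == "__main__":
    print(check_authorization(BAD))
    print(build_authorization(CRED, SIG, ["Range", "Host"]))
```

The header list passed to build_authorization must be the same list that was used when the signature was calculated; the check covers only the format of the field.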

References

  • For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.

  • Calculate the signature:

    If the server returns a response that contains the StringToSign parameter, check whether the value of the StringToSign parameter returned by the server is the same as the string to sign that you computed before calculating the signature.