0002-00000210 - Object Storage Service - Alibaba Cloud Documentation Center

Issue description

Empty strings exist in the AdditionalHeaders field of the Authorization header.

Cause

You initialize a request that uses the V4 signature. However, empty headers exist in the AdditionalHeaders field of the Authorization header.

Example

The following code provides an example. In this example, the value of the AdditionalHeaders field in the Authorization header is host;, which indicates that the first header is host, and the second header is an empty string. However, Object Storage Service (OSS) does not allow empty strings.

GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host;,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD

Solution

The AdditionalHeaders field is optional. If you do not want to add additional request headers to the Authorization request header to calculate the signature, you can delete the field.
If you want to add additional request headers to calculate the signature, add the AdditionalHeaders field to the Authorization request header and make sure that the field is correctly specified. The following section describes how to construct the AdditionalHeaders field:
- All headers in the AdditionalHeaders field must be lowercase letters.
- All headers in the AdditionalHeaders field are sorted in alphabetical order.
- The elements in the array are connected by semicolons (;) to form a string.
For example, you want to add the Host and Range headers to the AdditionalHeaders field to calculate the signature. In this case, you must set the AdditionalHeaders field to host;range.
Make sure that the format of the Authorization header in the request that uses the V4 signature meets the preceding requirements. Example:
```
GET /oss.jpg HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMT
Range: 0-2560
Authorization: OSS4-HMAC-SHA256 Credential=AK**ID/20221220/us-east-1/oss/aliyun_v4_request,AdditionalHeaders=host;range,Signature=18**0a
x-oss-content-sha256: UNSIGNED-PAYLOAD
```
References
- For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.
- Calculate the signature:
  - For information about how to calculate the V4 signature, see Calculate V4 signature by using OSS SDK for Python.
  - For information about how to specify the signature logic based on the V1 signature, see Overview.
  If the server returns a response that contains the StringToSign parameter, you must check whether the value of the StringToSign parameter on the server is the same as the string before calculation.

Issue description

Cause

Example

Solution

References