Problem description
The expiration time is not specified in the request.
Causes
The V4 signature is used in the request. However, the x-oss-expires field that specifies the expiration time of the signature is not contained in the request.
Examples
The V4 signature is contained in the URL of the request. However, the x-oss-expires field is not contained in the request.
GET /oss.jpg?x-oss-signature-verion=OSS4-HMAC-SHA256&x-oss-credential=***&x-oss-additional-headers=host&x-oss-signature=8u**a3 HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMTThe x-oss-expires field specifies the expiration time of the signature and must be included in a request. The value of the field is a UNIX timestamp.
Solutions
You must specify the x-oss-signature-verion, x-oss-credential, x-oss-expires, and x-oss-signature fields in the request. You can specify the x-oss-additional-headers field as needed. The following code provides an example on how to specify the x-oss-credential field:
GET /oss.jpg?x-oss-signature-verion=OSS4-HMAC-SHA256&x-oss-credential=LTAI****************/20221220/cn-hangzhou/oss/aliyun_v4_request&x-oss-expires=1141889120&x-oss-additional-headers=host&x-oss-signature=8u**a3 HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Tue, 20 Dec 2022 08:48:18 GMTReferences
For information about how to use Alibaba Cloud SDKs to initiate a request that uses the V4 signature, see Overview.
Calculate the signature:
For information about how to calculate the V4 signature, see Calculate V4 signature by using OSS SDK for Python.
For information about how to specify the signature logic based on the V1 signature, see Overview.
If the server returns a response that contains the
StringToSignparameter, you must check whether the value of the StringToSign parameter on the server is the same as the string before calculation.