Server-side modification of header seems to cause SignatureDoesNotMatch error

I got a SignatureDoesNotMatch error when calling Cloud Storage's XML API using aws-sdk-go-v2.
SignatureDoesNotMatch is an error that occurs when the signature in the Authorization header is not valid.
I think the cause of the issue is that Google's internal system modifies the header `accept-encoding: identity` to `accept-encoding: identity,gzip(gfe)`.

I found that modification because the error response contains the headers used to calculate the signature on the Google server.
I compared these to the headers which I sent, and found a difference from the original ones.

Also, I sent a request without including accept-encoding in the signature calculation, and it succeeded.
So, the SignatureDoesNotMatch error seems to be caused by server-side modification of the accept-encoding value.

I can calculate the signature without `accept-encoding`, but it requires some hacks on aws-sdk-go-v2, so I would not like to use this solution.

Questions:
- Why was `gzip(gfe)` added even though I did not send it?
- Can I prevent the header value from being changed?

ACCEPTED SOLUTION

Hi @kofuk,

Welcome to Google Cloud Community!

You're encountering a "SignatureDoesNotMatch" error when using aws-sdk-go-v2 with Cloud Storage XML API, likely due to server-side modification of the accept-encoding header.

Solutions:

  1. Exclude `accept-encoding` from signature calculation: preferred method; ensure consistent signatures regardless of header modifications. Check aws-sdk-go-v2 documentation or consider custom middleware/code modifications.
  2. Set `accept-encoding` to `identity, gzip` in requests: aligns with modification to potentially avoid mismatches.

Further Assistance:

For specific guidance, contact Google Cloud Support or relevant forums, providing code snippets and SDK details.

Insights:

gzip (gfe) addition might be for optimizations, security, or load balancing.

By implementing these solutions, you should resolve the error.

REPLIES

Thank you for your response!

I'll avoid the error using solution 1.
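
Why leaving `accept-encoding` out of the signed headers (solution 1) survives the rewrite to `identity,gzip(gfe)`, shown as an added example that is not part of the original thread or of aws-sdk-go-v2: a simplified SigV4-style signer using only the Go standard library. The secret, date, region `auto`, object path and the function names `Sign` and `SurvivesRewrite` are constructed for illustration, and the signer handles only a GET with an empty query string and payload.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// Sign returns a SigV4-style signature covering only the header names in signed.
func Sign(secret, date, region, path string, hdr map[string]string, signed []string) string {
	sort.Strings(signed)
	var canon strings.Builder
	for _, name := range signed {
		canon.WriteString(name + ":" + strings.TrimSpace(hdr[name]) + "\n")
	}
	emptyHash := sha256.Sum256(nil)
	req := "GET\n" + path + "\n\n" + canon.String() + "\n" +
		strings.Join(signed, ";") + "\n" + hex.EncodeToString(emptyHash[:])
	reqHash := sha256.Sum256([]byte(req))
	scope := date[:8] + "/" + region + "/s3/aws4_request"
	toSign := "AWS4-HMAC-SHA256\n" + date + "\n" + scope + "\n" + hex.EncodeToString(reqHash[:])
	key := []byte("AWS4" + secret)
	for _, part := range []string{date[:8], region, "s3", "aws4_request"} {
		key = hmacSHA256(key, part)
	}
	return hex.EncodeToString(hmacSHA256(key, toSign))
}

// SurvivesRewrite compares the client's signature with the one the server
// recomputes after accept-encoding has been rewritten in transit.
func SurvivesRewrite(signed []string) bool {
	const secret, date = "constructed-secret", "20240101T000000Z" // constructed values
	sent := map[string]string{"host": "storage.googleapis.com", "accept-encoding": "identity"}
	seen := map[string]string{"host": "storage.googleapis.com", "accept-encoding": "identity,gzip(gfe)"}
	return Sign(secret, date, "auto", "/bucket/object", sent, signed) ==
		Sign(secret, date, "auto", "/bucket/object", seen, signed)
}

func main() {
	fmt.Println("accept-encoding signed:  ", SurvivesRewrite([]string{"host", "accept-encoding"}))
	fmt.Println("accept-encoding unsigned:", SurvivesRewrite([]string{"host"}))
}
```

A header left out of the signed set is not integrity-protected by the signature, so this trade-off is only appropriate for hop-by-hop style headers such as `accept-encoding` that intermediaries are expected to rewrite.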