This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Server-side modification of header seems to cause SignatureDoesNotMatch error

Posted on 01-04-2024 03:35 AM
kofuk
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I got SignatureDoesNotMatch error calling Cloud Storage's XML API using aws-sdk-go-v2.
SignatureDoesNotMatch is an error occurs when signature in Authorization header is not valid.
I think the cause of the issue is that Google's internal system modifies header `accept-encoding: identity` to `accept-encoding: identity,gzip(gfe)`.

I found that modification because the error response contains the headers to calculate the signature on the Google server.
I compared these to the headers which I sent, and found a difference from the original one.

Also, I sent a request without including accept-encoding to signature calculation, and it succeeded.
So, the SignatureDoesNotMatch error seems to be caused by server-side modification of accept-encoding value.

I can calculate signature without `accept-encoding`, but it requires some hacks on aws-sdk-go-v2, so I would not like to use this solution.

Question:
- Why was `gzip(gfe)` added despite that I have not sent?
- Can I avoid the header value to be changed?

Solved Solved
3 2 1,210
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
christianpaula
Staff
Reply posted on --/--/---- --:-- AM

Hi @kofuk,

Welcome to Google Cloud Community!

You're encountering a "SignatureDoesNotMatch" error when using aws-sdk-go-v2 with Cloud Storage XML API, likely due to server-side modification of the accept-encoding header.

Solutions:

  1. Exclude `accept-encoding` from signature calculation: preferred method; ensure consistent signatures regardless of header modifications. Check aws-sdk-go-v2 documentation or consider custom middleware/code modifications.
  2. Set `accept-encoding` to `identity`, gzip in requests: aligns with modification to potentially avoid mismatches.

Further Assistance:

For specific guidance, contact Google Cloud Support or relevant forums, providing code snippets and SDK details.

Insights:

gzip (gfe) addition might be for optimizations, security, or load balancing.

By implementing these solutions, you should resolve the error.

View solution in original post

Jump to Solution
2 REPLIES 2
Top Labels in this Space
Top Solution Authors
View all