Google-cloud-go: Storage: SignedURL does not generate working URL's
(delete this for feature requests)
Client
Storage
Describe Your Environment
MacOS High Sierra, 10.13.6 (17G65)
Expected Behavior
Generated signed URLs should work as expected
Actual Behavior
Signed URLs consistently result in an error.
// Generation Code:
url, err := storage.SignedURL("redacted-bucket", "redacted-object", &storage.SignedURLOptions{
GoogleAccessID: "<redacted>@<redacted>.iam.gserviceaccount.com",
PrivateKey: []byte("-----BEGIN PRIVATE KEY-----\nMIIEv..."),
Method: "GET",
Expires: time.Now().Add(48 * time.Hour),
})
// Using the same URL in:
// Browser (Chrome)
<Error>
<Code>MalformedSecurityHeader</Code>
<Message>Your request has a malformed header.</Message>
<ParameterName>signature</ParameterName>
<Details>Signature was not base64 encoded</Details>
</Error>
// CURL:
<Error>
<Code>AccessDenied</Code>
<Message>Access denied.</Message>
<Details>Anonymous caller does not have storage.objects.get access to redacted-bucket/redacted-object</Details>
</Error>
samsends
All 6 comments
Curl: Wrapping the URL in quotes solves the problem.
Browser: manually changing the host to storage.cloud.google.com seemed to work.
This is very inconsistent. Please consider upgrading to the newer format utilized by gsutil.
e.g.
x-goog-algorithm=
x-goog-credential=
x-goog-date=
x-goog-expires=
x-goog-signature=
I know you closed this, but I was curious anyway.
I couldn't reproduce either problem. The URL I generated looks like https://storage.googleapis.com/my-bucket/my-object?Expires=1532098587&GoogleAccessId=642080918101-compute%40developer.gserviceaccount.com&Signature=LACE3ECUdfuiGAXpMVGaFyfMLg%2B9AosihkmsCOeYXsE49HNf%2BlEJ5JD%2Fu0gaTxv97WbRBYvEtUJFytezbF1UG5lLi5WeeRbRwvaiX8%2BDCXapO7e1%2BYhsbqKIWWlMh2cTHt8ua1MSUE4R6FsyBrnvd1dKBh0PjZypz1rhssrXg1BIo7Htz4H4wWzFaC3B8b7dn7Kpcn6Z2%2BL3OsNGjro%2FqMoKkGpYg%2BUbanTpV7uvgWPOMYYeFxRVim5JF%2BF8Xs7AVuxPRvLprl2Vp5CshIfJ%2FdQ8EJMqqyI9CvEZNOwirBDhOq9sbNXT0sqE2uxhtCGLSYPGglGjnM1yPFpCoWvSFg%3D%3D.
I used it with curl as is, without quotes, in a bash shell, and it worked fine.
I pasted it into my Chrome browser and it worked.
jba
on 20 Jul 2018
Getting the same error as @sbsends. Both the suggested workarounds work in my case too.
The link I generated using the Cloud Storage nodejs upload and getSignedUrl calls:
```ts
const response = await storage.bucket(bucketName).upload(filename, {
gzip: true,
destination: folderName+'/'+filename.split('/').pop(),
metadata: {
cacheControl: 'public, max-age=31536000',
},
});
const urlData = await response[0].getSignedUrl({
action: 'read',
expires: '03-09-2491'
})
```
Here is the link which was generated:
mayurdhurpate
on 7 Jul 2019
Had the same problem. The workarround works but why does this happen?
diogoaguiar
on 22 Jan 2020
Mind filing a new bug with the code used to generate the URL, the client version (e.g. v0.51.0), the URL you get, the URL that works, and any other information that's helpful?
tbpg
on 22 Jan 2020
still happening with node client
anasanzari
on 7 Apr 2020
Related issues
dragan-cikic-shortcut
路
3Comments
muratsplat
路
3Comments
eriklott
路
4Comments
purohit
路
4Comments
rileykarson
路
4Comments
Most helpful comment
Curl: Wrapping the URL in quotes solves the problem.
Browser: manually changing the host to storage.cloud.google.com seemed to work.
This is very inconsistent. Please consider upgrading to the newer format utilized by gsutil.