Google-cloud-node: 403 Invalid signature when creating signed URL for browser to upload
Environment details
- OS: macOS 10.12 Sierra
- Node.js version: 6.8.1
- npm version: 3.10.8
- google-cloud-node version: 0.41.2
Steps to reproduce
Hi! :)
I put together a repo with an isolated test case: https://github.com/HenrikJoreteg/google-cloud-signedurl-test-case
Also posted an SO question: http://stackoverflow.com/questions/40072373/create-signed-urls-for-google-cloud-storage-with-node-js-for-direct-upload-from
The goal is simple: node.js API creates signed urls, browser uploads directly with XMLHttpRequest 2.0 upload.
I've enabled CORS, downloaded a JSON keyfile for project with what I think is correct permissions, yet I keep getting the following response with a 403:
<?xml version='1.0' encoding='UTF-8'?><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message><StringToSign>PUT
image/png
1476683717
/cowork-group/IMG_2540.png</StringToSign></Error>
Likely I missed something stupid somewhere, but I've triple checked.
Should this work as is? or am I missing something?
Seems odd that it's saying the signature doesn't match, when the signed URL was generated by the official SDK lib and the other details seem ok. Any help is much appreciated.
HenrikJoreteg
All 5 comments
Hello! :)
Thanks for writing to us about this, I can see how that error message isn't very helpful in debugging the problem. I noticed on the fork that a PR was sent to your repro-repo with the same solution I would give, which is setting the content type when creating the signed URL:
bucket.file(file).getSignedUrl({
action: 'write',
expires: Date.now() + 6000000,
+ contentType: 'image/png'
}, (error, signedUrl) => {
Let me know if that works! I'll add a note in our docs to make it more clear you probably want to set contentType when uploading a file.
stephenplusplus
on 17 Oct 2016
Likely I missed something stupid somewhere, but I've triple checked.
鈽濓笍 as usual. lol. Anyway, everything was hunky dory once I added a content type to the signature. Thanks for the help, I think some clarification in the docs or the error that its required may save someone else some trouble.
HenrikJoreteg
on 17 Oct 2016
@stephenplusplus You just saved me another hour of confusion. Bless you sir.
ghost
on 19 Mar 2018
@stephenplusplus Unfortunately I already spent hours trying to figure this 403 out... Can you please update the docs to make note of this required option?
GavinThomas1192
on 21 Aug 2018
Ok, also got me. I spent a good few hours being really very angry at Google Cloud Platform, and all I needed was a content-type parameter.
antony
on 9 Jan 2019
Related issues
mik115
路
5Comments
hvolschenk
路
4Comments
bamapookie
路
5Comments
pputhran
路
4Comments
jmdobry
路
3Comments
Most helpful comment
Hello! :)
Thanks for writing to us about this, I can see how that error message isn't very helpful in debugging the problem. I noticed on the fork that a PR was sent to your repro-repo with the same solution I would give, which is setting the content type when creating the signed URL:
Let me know if that works! I'll add a note in our docs to make it more clear you probably want to set
contentTypewhen uploading a file.