Google-cloud-node: The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.

Created on 9 Feb 2017  路  11Comments  路  Source: googleapis/google-cloud-node

Hi team,
I have spent a lot of time to solve the problem and also spent a lot of time to search the solution on net but every time I failed. The scenario is that

I am using @google-cloud/storage to upload my image on google cloud storage. Everything is fine. Images successfully uploaded on cloud. Now I want to show these images to my users but I didn't want to give public permission to images. So I created a signed url and trying to download them but everytime I am facing the following problem

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
</Message>
<StringToSign>GET 1486639481 /<my bucket name>/<my image name></StringToSign>
</Error>

here is my code

//get signed url
    action: 'read',
        expires: Date.now() + 76000000,
        contentType: 'image/jpeg'
    };
    var file = bucket.file('TestingImage.jpg').getSignedUrl(options, function (error, signedUrl) {
        console.log('signed url...');
        console.log(signedUrl);
    });

But when I put this signed url in browser it give me the error.

I am following the url for uploading image
https://googlecloudplatform.github.io/google-cloud-node/#/docs/storage/0.6.0/storage

How ever I can download these image in nodejs using file.download() but I want to view this image on browser

Please guide me when am I wrong.

storage
Source
picture kuldeeppoonia
👍6

Most helpful comment

The browser will need to set the matching Content Type on the request headers.

As needed. If you provide a content-type, the client (browser) must provide this HTTP header set to the same value.
- https://cloud.google.com/storage/docs/access-control/signed-urls

If you remove the content type while creating the signed URL, it should work in the browser.

picture stephenplusplus on 9 Feb 2017
👍168 😄3 🎉1

All 11 comments

The browser will need to set the matching Content Type on the request headers.

As needed. If you provide a content-type, the client (browser) must provide this HTTP header set to the same value.
- https://cloud.google.com/storage/docs/access-control/signed-urls

If you remove the content type while creating the signed URL, it should work in the browser.

stephenplusplus picture stephenplusplus on 9 Feb 2017
👍168 😄3 🎉1

Thanks a lot

kuldeeppoonia picture kuldeeppoonia on 10 Feb 2017

Hi ,

I am using latest 'aws-java-sdk-s3', version: '1.11.158'. I am getting below error when uploading the files. I am able to list the buckets. Is there any signature setting I have do.?

The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.
com.amazonaws.services.s3.model.AmazonS3Exception: The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method. (Service: Amazon S3; Status Code: 403; Error Code: SignatureDoesNotMatch; Request ID: null), S3 Extended Request ID: null

kirankumar-mahi picture kirankumar-mahi on 6 Jul 2017

Hi, there!

I'm facing the same problem but I've already removed the content type while creating the signed URL.
The interesting fact is that this problem only happens suddenly a few days after the signed URL is created..

The code I'm following is the one below:
https://github.com/firebase/functions-samples/blob/master/generate-thumbnail/functions/index.js

Thanks in advance!

rubsilvah picture rubsilvah on 20 Feb 2018
👍11 👀3

I notice the example code sets the expiration date for 482 years from now, so that's probably not the issue :) (Unless-- did you change it?)

Assuming that's not the case, I'm not sure what it could be. Could you open a new issue on the https://github.com/firebase/functions-samples repo? If it turns out to be a problem with our library, we can continue to look at it and see what we can do.

stephenplusplus picture stephenplusplus on 21 Feb 2018

I'm getting the same error. I do not pass content-type to signer method. Do I need to set some special permissions on the bucket maybe, have an ACL or something? Service Account that is used to sign urls has Storage Admin role.

jayarjo picture jayarjo on 2 Apr 2020

Same as @jayarjo here.

Also, the file I'm trying to access have a name like Customers/{id}/kitten.jpeg. I use all this name to get my signedUrl, and not only kitten.jpeg (makes sense to me).

Is there any further explanations here ?

sboudouk picture sboudouk on 24 Apr 2020

Can someone provide solution for this. URL worked for few days after geenration now suddenly my android app is not able to download image and it fails with "HttpException: Invalid statusCode: 403,". From browser it gives below error

This XML file does not appear to have any style information associated with it. The document tree is shown below. <Error> <Code>SignatureDoesNotMatch</Code> <Message> The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method. </Message> <StringToSign> GET 16447017600 /wmiefy-577a4.appspot.com/images/thumb_5e83f485-656d-45b5-8c40-47b11453e1965771333569762950312.jpg </StringToSign> </Error>

rishisaraf11 picture rishisaraf11 on 26 Jun 2020

Have the same problem :)

export async function storeFileInStorage(filename: string, objectId: string, fileType: FileType, base64Content: Buffer, objectType: string): Promise<FileInfo> {

  const folderName = objectType === "PROFILE" ? `profiles` : `agreements`;

  const bucket = admin.storage().bucket();

  const fileAsByteArray = new Uint8Array(base64Content);
  const bucketFilename = folderName + "/" + objectId + "/" + fileType + "_" + filename;
  const file = bucket.file(bucketFilename);

  let publicUrl;


  await file.save(fileAsByteArray)
      .then(async stuff => {
        publicUrl = await file.getSignedUrl({
          action: "read",
          expires: "05-09-2999"
        });
      }).catch(err => {
        throw Error("Could not store file for objectId: ${objectId} with to ${bucketFilename} error: ${err}");
      });

  return {publicUrl: publicUrl ?? "", storagePath: bucketFilename, type: fileType};
}

For example url

Can someone suggest something?

SergeiEensalu picture SergeiEensalu on 19 Aug 2020

Greetings folks! If you're having issues, please open a new issue here:
https://github.com/googleapis/nodejs-storage/

JustinBeckwith picture JustinBeckwith on 19 Aug 2020
👍1

For me it was because I was using POST instead of PUT, it's not just about the ContentType header, the _http method also has to match_, in golang:

method := "PUT"   // THIS MUST MATCH
expires := time.Now().Add(time.Minute * 10)

url, err := storage.SignedURL(bucket, filename, &storage.SignedURLOptions{
  GoogleAccessID: cfg.Email,
  PrivateKey:     cfg.PrivateKey,
  Method:         method,   
  Expires:        expires,
  ContentType:    "binary/octet-stream",   // NOTE
})

if err != nil {
// ...
}

var client = http.DefaultClient
request, err := http.NewRequest("PUT", url, req.Body)  // we use PUT not POST

if err != nil {
// ....
}

request.Header.Set("Content-Type", "binary/octet-stream")  // this must match
response, err := client.Do(request)
ORESoftware picture ORESoftware on 21 Dec 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vvzen picture vvzen  路  4Comments
chadbr picture chadbr  路  3Comments
sporkd picture sporkd  路  5Comments
stephenplusplus picture stephenplusplus  路  3Comments
jmdobry picture jmdobry  路  3Comments