问题
在使用s3的rest api进行签名请求头文件上传的时候,代理服务器出现了403问题
原因
必须将指定的所有签名请求头,都带给aws的s3服务器才能正常返回200响应。
如下为请求头信息:
POST /86/1792/19-012-0100.mp4?uploads= HTTP/1.1
Host: xxxx.s3-ap-southeast-1.amazonaws.com
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=ASIAX3AQ4GJKKWVJVDVU/20210903/ap-southeast-1/s3/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=10db1255b5ed2f60f1e78225f2695cf48126636c8329800271d116bab4e9fc9c
X-Amz-Date: 20210903T063022Z
X-Amz-Security-Token: IQoJb3JpZ2luX2VjEN///wEaDmFwLXNvdXRoZWFzdC0xIkYwRAIgK/iu+O2gEqEHc5qNR0AgK3dQZK1oCd1D25SsrtGrpEYCIGuodZx7cxPy5j0qWbMd3X0U3UZmeUNn6C2OYQKBq+fRKu4CCCgQARoMNTM5MDUzNzk3OTcyIgyY3sF0l16O08Tg5+sqywIK45HJxpyarfBqkZtOTFFQOX/3FS1SOHKfYznBOJ+H/2pdCnNbfuBXQG99TEWJe6jvBfrjijts7WDpRuOUKFrVtqvz59x+DMVfZoJHc0hLuX6X+KyRZwHwZggVIu1PDYcm3SoMlbt14W9k6HU9yc9ctAwEivVNN5EPgf4iLDtF3aYCniM21MeIdTMYf8wUDw5LUMYxlG+qCLrCvg95cgx96e8B0Y7Psai4hu+OPKbwt8ASF3oRng61qbIb7qtVbq2y/3cfij9cS9z+kBusLgGXJC0KTO1qzvP+X0i9M/VOJgA5Y0WcneGe+n+AaWtE/FC0Z8r4dhjJlYL9zI8ODAEHOWBI1HSEN07fSb2+AVQqzI6sDoWejy0to5j7Rr601UwelMTfXDnK/pleAeO9TZZ0K4ZUx7SvnGwWiwrTY8IISVSjRAGVuXXXHAS0MOWBx4kGOp4Bzabd4lnAw81D9G9bUnHfTQOGRTtLBdY5CrYpsTiy5Ofp0rkMewpzPnfac8KwGEp96gvs0oFBFNGGS1jtPUi6TYPFraAMaofjCKt61oxG4LiV23lixS6zCKm+BfS7n7nGH4qtY46WhN7tBhzbe7yUQaeWHAmIUfMOLbBQ+Up77Zd9lvIQDQnBvWtAXY0QnWHNup5uehF2rXwlXKPc/T4=
Accept-Encoding: gzip, deflate, br
Content-Type: application/octet-stream
Accept-Language: zh-cn
Content-Length: 0
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
User-Agent: aws-sdk-macos/2.13.0 Syncsolution/1 zh_CN transfer-utility
Connection: keep-alive
注意:Authorization
请求头中的SignedHeaders
数据,即
SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token
这里就表示需要aws的服务器验证的请求头,也就意味着代理服务器必须将这些请求头都原封不动的带给s3服务器进行验证。