Updated: 2021-10-09 22:26:58
It still could be your signature, and I suspect that it is, for the following reasons:
Your observation that the message body is a good observation; however, it doesn't mean what you have concluded it means.
The lack of a response body does not give you any information at all about the nature of the error, in this case, because a web server is not supposed to return a body along with a HEAD response, no matter what:
The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response
— http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html (RFC-2616)
Testing this on my side, I've confirmed that S3's response to an unsigned HEAD request and to an incorrectly-signed HEAD request is no different: it's always HTTP/1.1 403 Forbidden with no message body.
Note, also, that a signed URL for GET is not valid for HEAD, and vice versa.
In both S3 Signature Version 2 and S3 Signature Version 4, the "String to Sign" includes the "HTTP Verb," which would be GET or HEAD, meaning that a signature that's valid for GET would not be valid for HEAD, and vice versa... the request method must be known at the time of signing, because it's an element that's used in the signing process.
The s3:GetObject permission is the only documented permission required for using HEAD, which seems to eliminate permissions as the problem, if GET is working, which points back to the signature as the potential issue.
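
The verb dependence described in the answer above, as an added example that is not part of the original answer: it builds the S3 Signature Version 2 query-string "String to Sign" for GET and for HEAD and shows that a signature made for one is rejected for the other. The credentials, bucket, key and expiry are constructed sample values, and `server_accepts` is a hypothetical model of the service-side comparison, not S3's own code.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values, not real credentials.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "constructed-secret-key"


def string_to_sign_v2(verb, bucket, key, expires):
    """SigV2 query-string form: Verb, Content-MD5, Content-Type, Expires, resource."""
    resource = f"/{bucket}/{quote(key)}"
    # Content-MD5 and Content-Type are empty; no x-amz-* headers are signed.
    return "\n".join([verb.upper(), "", "", str(expires), resource])


def sign_v2(verb, bucket, key, expires, secret=SECRET_KEY):
    """Base64(HMAC-SHA1(secret, StringToSign))."""
    msg = string_to_sign_v2(verb, bucket, key, expires).encode("utf-8")
    digest = hmac.new(secret.encode("utf-8"), msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def presign_v2(verb, bucket, key, expires):
    """Build the signed URL; it is only valid for the verb it was signed with."""
    sig = quote(sign_v2(verb, bucket, key, expires), safe="")
    return (f"https://{bucket}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")


def server_accepts(received_verb, bucket, key, expires, presented_sig):
    """Hypothetical service-side check: recompute using the verb actually received."""
    expected = sign_v2(received_verb, bucket, key, expires)
    return hmac.compare_digest(expected, presented_sig)


if __name__ == "__main__":
    bucket, key, expires = "example-bucket", "photos/cat.jpg", 1700000000
    get_sig = sign_v2("GET", bucket, key, expires)
    print("GET  URL:", presign_v2("GET", bucket, key, expires))
    print("HEAD URL:", presign_v2("HEAD", bucket, key, expires))
    print("GET sig on GET request: ", server_accepts("GET", bucket, key, expires, get_sig))
    print("GET sig on HEAD request:", server_accepts("HEAD", bucket, key, expires, get_sig))
```

A client that needs both methods has to presign two URLs, one per verb.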