403 Forbidden error on an S3 REST API HEAD request

Updated: 2021-10-09 22:26:58

It still could be your signature, and I suspect that it is, for the following reasons:

Your observation about the message body is a good observation; however, it doesn't mean what you have concluded it means.

The lack of a response body does not give you any information at all about the nature of the error, in this case, because a web server is not supposed to return a body along with a HEAD response, no matter what:

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response

— http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html (RFC-2616)

Testing this on my side, I've confirmed that S3's response to an unsigned HEAD request and to an incorrectly-signed HEAD request is no different: it's always HTTP/1.1 403 Forbidden with no message body.

Note, also, that a signed URL for GET is not valid for HEAD, and vice versa.

In both S3 Signature Version 2 and S3 Signature Version 4, the "String to Sign" includes the "HTTP Verb," which would be GET or HEAD, meaning that a signature that's valid for GET would not be valid for HEAD, and vice versa... the request method must be known at the time of signing, because it's an element that's used in the signing process.

The s3:GetObject permission is the only documented permission required for using HEAD, which seems to eliminate permissions as the problem, if GET is working, which points back to the signature as the potential issue.
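To make the "HTTP Verb is part of the String to Sign" point concrete, here is an added example (not part of the answer above, and not AWS's own code) that builds a Signature Version 4 query-string presigned S3 URL by hand and compares the signature for GET against the signature for HEAD on the same object, date, expiry and credentials. The access key, secret key, bucket and object key are constructed placeholders; the layout follows the documented SigV4 canonical request and string to sign.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed demo credentials for this example only; not real AWS keys.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "exampleSecretKeyExampleSecretKeyExample0"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_sigv4(method, bucket, key, amz_date, region="us-east-1", expires=300):
    """SigV4 query-string presigned S3 URL for one HTTP method; the verb is
    the first line of the canonical request, so it is bound into the signature."""
    host = f"{bucket}.s3.amazonaws.com"
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    canonical_request = "\n".join([
        method,                      # HTTP verb: GET and HEAD diverge here
        "/" + quote(key, safe="/"),  # canonical URI
        query,                       # canonical query string (sorted, encoded)
        f"host:{host}\n",            # canonical headers, each newline-terminated
        "host",                      # signed headers
        "UNSIGNED-PAYLOAD",          # presigned S3 URLs do not hash the body
    ])
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    k_date = _hmac(("AWS4" + SECRET_KEY).encode(), date)
    signing_key = _hmac(_hmac(_hmac(k_date, region), "s3"), "aws4_request")
    signature = hmac.new(signing_key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}/{quote(key, safe='/')}?{query}&X-Amz-Signature={signature}"

def signature_of(url: str) -> str:
    return url.rsplit("X-Amz-Signature=", 1)[1]

if __name__ == "__main__":
    args = ("example-bucket", "reports/q1.csv", "20211009T222658Z")
    get_url, head_url = presign_sigv4("GET", *args), presign_sigv4("HEAD", *args)
    # Same key, date, expiry and object; only the verb differs, yet the signatures
    # do not match, which is why a GET-presigned URL gets 403 on a HEAD request.
    print(signature_of(get_url) != signature_of(head_url))  # True
```

Because S3 returns the same bodiless 403 for an unsigned and a mis-signed HEAD, the only way to tell the two apart client-side is to regenerate the signature for the actual verb being sent, as this function does per method.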