Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
SignatureDoesNotMatch on first request
See original GitHub issuei’m having a weird issue where the first request via boto results in a 403 Forbidden, while subsequent requests succeed. this is the result of the first request:
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><AWSAccessKeyId>ACCESSKEY</AWSAccessKeyId><StringToSign>GET
1458556343
/prod-jimdo-userfiles/16261693/image/7195799060</StringToSign><SignatureProvided>4tFMCWtbbZMTJCgAUeTe Jx7K2I=</SignatureProvided><StringToSignBytes>47 45 54 0a 0a 0a 31 34 35 38 35 35 36 33 34 33 0a 2f 70 72 6f 64 2d 6a 69 6d 64 6f 2d 75 73 65 72 66 69 6c 65 73 2f 31 36 32 36 31 36 39 33 2f 69 6d 61 67 65 2f 37 31 39 35 37 39 39 30 36 30</StringToSignBytes><RequestId>B310FAD6A4EF1700</RequestId><HostId>6QCy5Tv5bm+yO8Fv78ZZd6a4IQPVLpRggP0+eOv9P0xqT04obzT3sD2WcRv1mEBvvGU/nvolSYg=</HostId></Error>
we are using boto as a backend-adapter in thumbor and those are the application logs for the same request-uri. as you can see the first request fails while the second one succeeds:
2016-03-21 10:32:22 botocore.credentials:DEBUG Skipping environment variable credential check because profile name was explicitly set.
2016-03-21 10:32:22 botocore.credentials:DEBUG Looking for credentials via: env
2016-03-21 10:32:22 botocore.credentials:INFO Found credentials in environment variables.
2016-03-21 10:32:22 botocore.client:DEBUG Registering retry handlers for service: s3
2016-03-21 10:32:22 botocore.hooks:DEBUG Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x10ed2c488>
2016-03-21 10:32:22 botocore.hooks:DEBUG Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x10ed26c08>
2016-03-21 10:32:23 botocore.endpoint:DEBUG Setting s3 timeout as (60, 60)
2016-03-21 10:32:23 thumbor:DEBUG Cleaning key: 16261693/image/7195799060
2016-03-21 10:32:23 thumbor:DEBUG Cleansed key: 16261693/image/7195799060
2016-03-21 10:32:23 botocore.utils:DEBUG Checking for DNS compatible bucket for: https://s3-eu-west-1.amazonaws.com/prod-jimdo-userfiles/16261693/image/7195799060
2016-03-21 10:32:23 botocore.utils:DEBUG URI updated to: https://prod-jimdo-userfiles.s3.amazonaws.com/16261693/image/7195799060
2016-03-21 10:32:23 botocore.auth:DEBUG Calculating signature using hmacv1 auth.
2016-03-21 10:32:23 botocore.auth:DEBUG HTTP request method: GET
2016-03-21 10:32:23 botocore.auth:DEBUG StringToSign:
GET
1458556343
/prod-jimdo-userfiles/16261693/image/7195799060
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG GET https://prod-jimdo-userfiles.s3.amazonaws.com/16261693/image/7195799060?AWSAccessKeyId=ACCESSKEY&Expires=1458556343&Signature=4tFMCWtbbZMTJCgAUeTe+Jx7K2I=
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Trying 54.231.134.50...
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Connected to prod-jimdo-userfiles.s3.amazonaws.com (54.231.134.50) port 443 (#0)
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Server certificate: *.s3.amazonaws.com
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Server certificate: DigiCert SHA2 High Assurance Server CA
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Server certificate: DigiCert High Assurance EV Root CA
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG > GET /16261693/image/7195799060?AWSAccessKeyId=ACCESSKEY&Expires=1458556343&Signature=4tFMCWtbbZMTJCgAUeTe+Jx7K2I= HTTP/1.1
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG > Host: prod-jimdo-userfiles.s3.amazonaws.com
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG > User-Agent: Thumbor/6.0.0
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG > Accept: */*
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG > Accept-Encoding: gzip,deflate
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG >
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < HTTP/1.1 403 Forbidden
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < x-amz-request-id: 758EA6A945952077
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < x-amz-id-2: DyHphy98auesGDfoH9apyipSqcF+pO8tgfDYVM1FTZwlnKjiYhEKADNRiY+xwqTO0ZYCoq+bUC4=
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < Content-Type: application/xml
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < Transfer-Encoding: chunked
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < Date: Mon, 21 Mar 2016 09:32:23 GMT
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG < Server: AmazonS3
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG <
2016-03-21 10:32:23 tornado.curl_httpclient:DEBUG Connection #0 to host prod-jimdo-userfiles.s3.amazonaws.com left intact
2016-03-21 10:32:23 thumbor:WARNING ERROR retrieving image https://prod-jimdo-userfiles.s3.amazonaws.com/16261693/image/7195799060?AWSAccessKeyId=ACCESSKEY&Expires=1458556343&Signature=4tFMCWtbbZMTJCgAUeTe+Jx7K2I=: HTTP 403: Forbidden
2016-03-21 10:32:23 tornado.access:WARNING 404 HEAD /unsafe/300x400/filters:format(jpg)/prod-jimdo-userfiles/16261693/image/7195799060 (127.0.0.1) 830.67ms
2016-03-21 10:32:34 botocore.client:DEBUG Registering retry handlers for service: s3
2016-03-21 10:32:34 botocore.hooks:DEBUG Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x10ed2c488>
2016-03-21 10:32:34 botocore.hooks:DEBUG Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x10ed26c08>
2016-03-21 10:32:34 botocore.endpoint:DEBUG Setting s3 timeout as (60, 60)
2016-03-21 10:32:34 thumbor:DEBUG Cleaning key: 16261693/image/7195799060
2016-03-21 10:32:34 thumbor:DEBUG Cleansed key: 16261693/image/7195799060
2016-03-21 10:32:34 botocore.utils:DEBUG Checking for DNS compatible bucket for: https://s3-eu-west-1.amazonaws.com/prod-jimdo-userfiles/16261693/image/7195799060
2016-03-21 10:32:34 botocore.utils:DEBUG URI updated to: https://prod-jimdo-userfiles.s3.amazonaws.com/16261693/image/7195799060
2016-03-21 10:32:34 botocore.auth:DEBUG Calculating signature using hmacv1 auth.
2016-03-21 10:32:34 botocore.auth:DEBUG HTTP request method: GET
2016-03-21 10:32:34 botocore.auth:DEBUG StringToSign:
GET
1458556354
/prod-jimdo-userfiles/16261693/image/7195799060
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG GET https://prod-jimdo-userfiles.s3.amazonaws.com/16261693/image/7195799060?AWSAccessKeyId=ACCESSKEY&Expires=1458556354&Signature=M7BgdiStlesfgTX7KZmTCZ9z9HE=
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Connection 0 seems to be dead!
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Closing connection 0
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Hostname prod-jimdo-userfiles.s3.amazonaws.com was found in DNS cache
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Trying 54.231.134.50...
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Connected to prod-jimdo-userfiles.s3.amazonaws.com (54.231.134.50) port 443 (#1)
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG SSL re-using session ID
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Server certificate: *.s3.amazonaws.com
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Server certificate: DigiCert SHA2 High Assurance Server CA
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG Server certificate: DigiCert High Assurance EV Root CA
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG > GET /16261693/image/7195799060?AWSAccessKeyId=ACCESSKEY&Expires=1458556354&Signature=M7BgdiStlesfgTX7KZmTCZ9z9HE= HTTP/1.1
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG > Host: prod-jimdo-userfiles.s3.amazonaws.com
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG > User-Agent: Thumbor/6.0.0
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG > Accept: */*
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG > Accept-Encoding: gzip,deflate
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG >
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < HTTP/1.1 200 OK
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < x-amz-id-2: +BAMlvUDPKbbLzSIjuoaw4nXOWPYDjgmHHEyeCV6VvcRkT2pJIniy4RXZQtZCsta4/b7cQ8DIGw=
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < x-amz-request-id: 3905F44007793DCE
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Date: Mon, 21 Mar 2016 09:32:35 GMT
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < x-amz-version-id: WE1YzAUEXpbyOToJWD_jPH2uyOqV7De5
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Last-Modified: Mon, 22 Feb 2016 11:37:57 GMT
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < ETag: "ce4179f66ac27601473499f9eea90417"
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Accept-Ranges: bytes
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Content-Type: binary/octet-stream
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Content-Length: 335593
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG < Server: AmazonS3
2016-03-21 10:32:34 tornado.curl_httpclient:DEBUG <
2016-03-21 10:32:35 tornado.curl_httpclient:DEBUG Connection #1 to host prod-jimdo-userfiles.s3.amazonaws.com left intact
2016-03-21 10:32:35 thumbor:DEBUG Format specified: jpg
2016-03-21 10:32:35 thumbor:DEBUG Image format specified as .jpg.
2016-03-21 10:32:35 thumbor:DEBUG Content Type of image/jpeg detected.
2016-03-21 10:32:35 tornado.access:INFO 200 HEAD /unsafe/300x400/filters:format(jpg)/prod-jimdo-userfiles/16261693/image/7195799060 (127.0.0.1) 697.12ms
Issue Analytics
- State:
- Created 8 years ago
- Comments:7 (2 by maintainers)
Top Results From Across the Web
SignatureDoesNotMatch on PUT request for AWS presigned url
At first I tried a simple request (below), but this return an SignatureDoesNotMatch error. req= $.ajax({ url: target_url, // this is the ` ......
Read more >S3 Signature Does Not Match Error When Using A Pre Signed ...
S3 PutObject with Pre Signed Request SignatureDoesNotMatch ... I would not be able to create the pre signed request in the first place, ......
Read more >SignatureDoesNotMatch - Salesforce Developer Community
When I hardcode the request got from Amazon MWS scratchpad, it is executing successfully but not when I give the values dynamically. You...
Read more >Fix SignatureDoesNotMatch error on S3 direct upload
<Error><Code>SignatureDoesNotMatch</Code> <Message>The request signature ... On the front end you call your server to get the presigned URL:
Read more >S3 SignatureDoesNotMatch error when using presigned ...
The first load of the content will render correctly but subsequent load ... <Error> <Code>SignatureDoesNotMatch</Code> <Message>The request ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
i just verified that this fixed the issue 👍 thx!
unfortunately it did not fix the issue. deploying the fixed botocore version still results in failed S3 requests when used with thumbor:
see the increase in 404s after the deploy: