You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is relatively recent change in Google that will break signed_urls with an expiration date of more than 7 days in the future.
The default GS_EXPIRATION is 86400 seconds. However in the past there has been no upper limit. Now there is a max of 7 days.
Max value: GS_EXPIRATION = timedelta(seconds=604800)
This is the timestamp (represented as the number of seconds since the Unix Epoch of 00:00:00 UTC on January 1, 1970) when the signature expires. The server rejects any requests received after this timestamp, as well as any requests received after the key used to generate the signed URL is rotated. For security and for compatibility with the V4 signing process, you should set Expires to correspond to at most 1 week (604800 seconds) in the future.
If you generate a url with a longer expiration everything will work fine until 7 days have passed. Then when you try to access the url:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>GET 1629488504 /BUCKET_NAME/inspection-media/DSC00095.JPG</StringToSign>
</Error>
There is relatively recent change in Google that will break signed_urls with an expiration date of more than 7 days in the future.
The default
GS_EXPIRATION
is 86400 seconds. However in the past there has been no upper limit. Now there is a max of 7 days.Max value:
GS_EXPIRATION = timedelta(seconds=604800)
https://cloud.google.com/storage/docs/access-control/signed-urls-v2
If you generate a url with a longer expiration everything will work fine until 7 days have passed. Then when you try to access the url:
Related upstream issue:
googleapis/python-storage#456
The text was updated successfully, but these errors were encountered: