Using Version Control with Signed URLs in Google Cloud Storage


Nick G.

I'm having trouble signing a GET request to Google Cloud Storage (GCS) when specifying a "generation" (version number) on an object. Signing the URL without generating it works like a charm, and the GET request works fine. However, when I prepend the path with #generation, the GCS server always returns "Access Denied" when trying to get the signed URL.

For example, signing that URL path works fine:

https://storage.googleapis.com/BUCKET/OBJECT

Signing this URL path gave me access denied:

https://storage.googleapis.com/BUCKET/OBJECT#1360887697105000

Note that for brevity and privacy, I have omitted the actual signed URL with the Signature, Expires, GoogleAccessId parameters. Also note that I also verified that the store, object and generation are correct using gsutil.

Does GCS allow signed URL access to specific object versions by "generation" number? Is the URL signing process different when accessing a specific version?

Travis Hobrla

The url you're using is compatible with gsutil, but the XML API requires you to use a query parameter to represent the generation (the query looks like storage.googleapis.com/BUCKET/OBJECT?generation=1360887697105000).

Documentation is here for reference: developers.google.com/storage/docs/reference-headers#generation

Related


Using Version Control with Signed URLs in Google Cloud Storage

Nick G. I'm having trouble signing a GET request to Google Cloud Storage (GCS) when specifying a "generation" (version number) on an object. Signing the URL without generating it works like a charm, and the GET request works fine. However, when I prepend the p

Using Version Control with Signed URLs in Google Cloud Storage

Nick G. I'm having trouble signing a GET request to Google Cloud Storage (GCS) when specifying a "generation" (version number) on an object. Signing the URL without generating it works like a charm, and the GET request works fine. However, when I prepend the p

Creating signed URLs for Google Cloud Storage using NodeJS

stukennedy I'm trying to create a signature for a privately stored file in Google Cloud Storage; so that I can distribute a time-limited link. Currently doing this and it makes a signature that's too short ... where am I going wrong? var crypto = require("cryp

Creating signed URLs for Google Cloud Storage using NodeJS

stukennedy I'm trying to create a signature for a privately stored file in Google Cloud Storage; so that I can distribute a time-limited link. Currently doing this and it makes a signature that's too short ... where am I going wrong? var crypto = require("cryp

Google Cloud Storage: CORS settings not working for signed URLs

Simon PUTResponses to requests with signed URLs do not contain headers Access-Control-Allow-Origin. import os from datetime import timedelta import requests from google.cloud import storage os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = <path to google crede

Google Cloud Storage: CORS settings not working for signed URLs

Simon PUTResponses to requests with signed URLs do not contain headers Access-Control-Allow-Origin. import os from datetime import timedelta import requests from google.cloud import storage os.environ['GOOGLE_APPLICATION_CREDENTIALS'] = <path to google crede

Upload file to Google Cloud Storage signed URL using Python

Raj Chaudhary Can someone help me with the code, preferably using the Requests library to upload a file to a Google Cloud Storage signed URL in Python? Lundin Custer You can check out this sample code on Github . It shows a portable way to achieve this using P