SignatureDoesNotMatch error with special characters in the file name

Posted November 6, 2019 5.8k views
DigitalOcean Spaces

When adding a special character to a file name, the file upload results into an error. I’m using the Spaces-API PHP library with the latest AWS S3 client, as recommended in the DigitalOcean documentation.

image.png uploads fine
image@2x.png results in error

The error:

Exception has occurred.
GuzzleHttp\Exception\ClientException: Client error: `PUT` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>SignatureDoesNotMatch</Code><RequestId>tx00000000000 (truncated...)

Example code to reproduce the error:

// Connect
$space = new SpacesConnect($key, $secret, $space_name, $region);

// Generate file id
$file_id = uniqid('', true);

// File name
$filename  = $file_id . '@2x.png';

// Path to file
$path_file = 'test/' . $filename;

// Upload source file to CDN
$space->UploadFile($data, 'public', $path_file, '', $mime);

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

Solved the issue by patching up the SDK:

  • Thanks. I’ve seen that answer copy/pasted in a few questions indeed. Appreciate the share, missed this particular question in my search.

    Few points:

    • v2 signatures are end of life (although AWS extended the support till June 2020
    • v2 signatures seems to be already unsupported by DigitalOcean, as I receive a 403 authorization error when using them
    • The v4 problem still remains on the end of DigitalOcean, as described in this ticket on the library:

    “Since DigitalOcean Spaces is not an Amazon product I cannot deterministically say what exactly is causing this behavior. That being said, I suspect it is because DigitalOcean Spaces does not appear to perform URL encoding on object URLs in the same way Amazon S3 does, so when the AWS SDK for PHP (or, more specifically, the GuzzleHttp package used by the SDK) url-encodes the request path before sending out the request DigitalOcean does not url-decode the request path which results in a signature mismatch between the canonical URI (php/1846/@atsign/test) present in the request signature and the object being requested (php/1846/%40atsign/test).”