49 replies

fetch behaviour doesn't match curl or fetch in node/browser

Sending the following signed request fails with 403 from a Worker but succeeds in the browser and node repl. (Note the example is time sensitive and will soon time out for all platforms.)

export default {
  async fetch(request, env, ctx) {
    return await fetch("https://flowkey.oss-cn-shanghai.aliyuncs.com/1051-j-cole-mini_2017-03-24_10-03-72.jpg", { headers: Object.fromEntries([["authorization","OSS4-HMAC-SHA256 Credential=LTAI5tHz4CPSsjRiV9qzEfZb/20241129/cn-shanghai/oss/aliyun_v4_request,Signature=4beb9ea827ac8143e2e4e2d56b8dfdc8c2610381bc8744da053aee0c3ed92a64"],["x-oss-content-sha256","UNSIGNED-PAYLOAD"],["x-oss-date","20241129T011747Z"]]), method: "HEAD"});
  }
}

export default {
  async fetch(request, env, ctx) {
    return await fetch("https://flowkey.oss-cn-shanghai.aliyuncs.com/1051-j-cole-mini_2017-03-24_10-03-72.jpg", { headers: Object.fromEntries([["authorization","OSS4-HMAC-SHA256 Credential=LTAI5tHz4CPSsjRiV9qzEfZb/20241129/cn-shanghai/oss/aliyun_v4_request,Signature=4beb9ea827ac8143e2e4e2d56b8dfdc8c2610381bc8744da053aee0c3ed92a64"],["x-oss-content-sha256","UNSIGNED-PAYLOAD"],["x-oss-date","20241129T011747Z"]]), method: "HEAD"});
  }
}

Why? How do I fix it?

The server has a very permissive CORS policy (enabling all domains).

Is there a way to debug which headers Cloudflare actually sends in the

fetch

fetch

request? The network panel in the Workers code console shows that the correct headers should be sent, but then again there is a big notice saying "Provisional headers are shown.", so it's hard to say for sure.

fetch behaviour doesn't match curl or fetch in node/browser

Sending the following signed request fails with 403 from a Worker but succeeds in the browser and node repl. (Note the example is time sensitive and will soon time out for all platforms.)

export default {
  async fetch(request, env, ctx) {
    return await fetch("https://flowkey.oss-cn-shanghai.aliyuncs.com/1051-j-cole-mini_2017-03-24_10-03-72.jpg", { headers: Object.fromEntries([["authorization","OSS4-HMAC-SHA256 Credential=LTAI5tHz4CPSsjRiV9qzEfZb/20241129/cn-shanghai/oss/aliyun_v4_request,Signature=4beb9ea827ac8143e2e4e2d56b8dfdc8c2610381bc8744da053aee0c3ed92a64"],["x-oss-content-sha256","UNSIGNED-PAYLOAD"],["x-oss-date","20241129T011747Z"]]), method: "HEAD"});
  }
}

export default {
  async fetch(request, env, ctx) {
    return await fetch("https://flowkey.oss-cn-shanghai.aliyuncs.com/1051-j-cole-mini_2017-03-24_10-03-72.jpg", { headers: Object.fromEntries([["authorization","OSS4-HMAC-SHA256 Credential=LTAI5tHz4CPSsjRiV9qzEfZb/20241129/cn-shanghai/oss/aliyun_v4_request,Signature=4beb9ea827ac8143e2e4e2d56b8dfdc8c2610381bc8744da053aee0c3ed92a64"],["x-oss-content-sha256","UNSIGNED-PAYLOAD"],["x-oss-date","20241129T011747Z"]]), method: "HEAD"});
  }
}

Why? How do I fix it?

The server has a very permissive CORS policy (enabling all domains).

Is there a way to debug which headers Cloudflare actually sends in the

fetch

fetch

fetch behaviour doesn't match curl or fetch in node/browser

Similar Threads

fetch behaviour doesn't match curl or fetch in node/browser

Similar Threads

Similar Threads

Similar Threads