locked
Apple Safari cannot connect to Azure Storage Services RRS feed

  • Question

  • Hello,

    We are having problems connecting to the Azure Storage Services from a Safari (9.0.2) browser on a Macintoch OS-X 10.11.2 computer (using the REST API, see https://msdn.microsoft.com/en-us/library/azure/dd179355.aspx). We did some debugging and traced the error back to an extra header line "Content-Length" the Safari browser adds to a http "HEAD" request.

    There is some discussion in the community if the "Content-Length" header should be included in a http "HEAD" request. Chrome and FireFox do not add it, Safari does.

    The Azure Storage service responds with a "403" error code if the "Content-Length: 0" line is in the headers. Our javascript code has no control over the adding of the header line by the browser.

    Adding the "Content-Length:0" header to the "canonicalizedHeaders" and "stringToSign" for the "Authorization" value does not help.

    So we are not able to connect with the REST services from Apple Safari. FireFox on Apple works without problems.

    Is this something that should be fixed by the Azure Storage Services? Or by the Safari browser? We are not sure what to do next...

    Below are the headers for the Safari and FireFox browsers on the same computer:

    ------
    SAFARI REQUEST

    HEAD /demonstrator/mob/be_lokeren_31370/pointcloud/point_cloud_31370.opc HTTP/1.1
    Host: orbitgtstorage.blob.core.windows.net
    Authorization: SharedKey orbitgtstorage:[-removed-]
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    Accept: */*
    Origin: http://192.168.1.73:1111
    Content-Length: 0
    x-ms-date: Wed, 13 Jan 2016 10:39:03 GMT
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
    Referer: http://192.168.1.73:1111/ler/worker-javascript.js
    x-ms-version: 2009-09-19

    SAFARI RESPONSE : FAIL

    HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
    Transfer-Encoding: chunked
    Server: Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3495d486-0001-0085-25ee-4d993b000000
    Access-Control-Expose-Headers: x-ms-request-id,Content-Length
    Access-Control-Allow-Origin: *
    Date: Wed, 13 Jan 2016 10:39:03 GMT

    -------
    FIREFOX REQUEST

    HEAD /demonstrator/mob/be_lokeren_31370/pointcloud/point_cloud_31370.opc HTTP/1.1
    Host: orbitgtstorage.blob.core.windows.net
    Authorization: SharedKey orbitgtstorage:[-removed-]
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.5
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Origin: http://192.168.1.73:1111
    x-ms-date: Wed, 13 Jan 2016 10:51:21 GMT
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0
    Referer: http://192.168.1.73:1111/ler/worker-javascript.js
    x-ms-version: 2009-09-19

    FIREFOX RESPONSE : OK

    HTTP/1.1 200 OK
    Content-Length: 901296394
    Content-Type: application/octet-stream
    Last-Modified: Mon, 04 Jan 2016 15:04:35 GMT
    ETag: 0x8D315185BA2E9F9
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 3f01cb92-0001-0045-09f0-4d137f000000
    x-ms-version: 2009-09-19
    x-ms-meta-CbModifiedTime: Mon, 04 Jan 2016 14:36:51 GMT
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length
    Access-Control-Allow-Origin: *
    Date: Wed, 13 Jan 2016 10:51:21 GMT


    • Edited by ler_orbit Wednesday, January 13, 2016 1:39 PM
    Wednesday, January 13, 2016 1:19 PM

Answers

  • After reading the "Authentication" documentation again I found the answer to my own question.

    In case of Safari, change:

            var stringToSign: String = "HEAD"+"\n"+
                   ""+"\n"+ // Content_Encoding
                   ""+"\n"+ // Content_Language
                   ""+"\n"+ // Content_Length
                   ""+"\n"+ // Content_MD5
                   ""+"\n"+ // Content_Type
                   ""+"\n"+ // Date
                   ""+"\n"+ // If_Modified_Since
                   ""+"\n"+ // If_Match
                   ""+"\n"+ // If_None_Match
                   ""+"\n"+ // If_Unmodified_Since
                   ""+"\n"+ // Range
                   canonicalizedHeaders+
                   canonicalizedResource;
    

    to:

            var stringToSign: String = "HEAD"+"\n"+
                   ""+"\n"+ // Content_Encoding
                   ""+"\n"+ // Content_Language
                   "0"+"\n"+ // Content_Length
                   ""+"\n"+ // Content_MD5
                   ""+"\n"+ // Content_Type
                   ""+"\n"+ // Date
                   ""+"\n"+ // If_Modified_Since
                   ""+"\n"+ // If_Match
                   ""+"\n"+ // If_None_Match
                   ""+"\n"+ // If_Unmodified_Since
                   ""+"\n"+ // Range
                   canonicalizedHeaders+
                   canonicalizedResource;
    


    • Marked as answer by ler_orbit Wednesday, January 13, 2016 2:54 PM
    Wednesday, January 13, 2016 2:53 PM