Answered by:
Apple Safari cannot connect to Azure Storage Services

Question
-
Hello,
We are having problems connecting to the Azure Storage Services from a Safari (9.0.2) browser on a Macintoch OS-X 10.11.2 computer (using the REST API, see https://msdn.microsoft.com/en-us/library/azure/dd179355.aspx). We did some debugging and traced the error back to an extra header line "Content-Length" the Safari browser adds to a http "HEAD" request.
There is some discussion in the community if the "Content-Length" header should be included in a http "HEAD" request. Chrome and FireFox do not add it, Safari does.
The Azure Storage service responds with a "403" error code if the "Content-Length: 0" line is in the headers. Our javascript code has no control over the adding of the header line by the browser.
Adding the "Content-Length:0" header to the "canonicalizedHeaders" and "stringToSign" for the "Authorization" value does not help.
So we are not able to connect with the REST services from Apple Safari. FireFox on Apple works without problems.
Is this something that should be fixed by the Azure Storage Services? Or by the Safari browser? We are not sure what to do next...
Below are the headers for the Safari and FireFox browsers on the same computer:
------
SAFARI REQUEST
HEAD /demonstrator/mob/be_lokeren_31370/pointcloud/point_cloud_31370.opc HTTP/1.1
Host: orbitgtstorage.blob.core.windows.net
Authorization: SharedKey orbitgtstorage:[-removed-]
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Accept: */*
Origin: http://192.168.1.73:1111
Content-Length: 0
x-ms-date: Wed, 13 Jan 2016 10:39:03 GMT
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
Referer: http://192.168.1.73:1111/ler/worker-javascript.js
x-ms-version: 2009-09-19
SAFARI RESPONSE : FAIL
HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Transfer-Encoding: chunked
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: 3495d486-0001-0085-25ee-4d993b000000
Access-Control-Expose-Headers: x-ms-request-id,Content-Length
Access-Control-Allow-Origin: *
Date: Wed, 13 Jan 2016 10:39:03 GMT
-------
FIREFOX REQUEST
HEAD /demonstrator/mob/be_lokeren_31370/pointcloud/point_cloud_31370.opc HTTP/1.1
Host: orbitgtstorage.blob.core.windows.net
Authorization: SharedKey orbitgtstorage:[-removed-]
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Origin: http://192.168.1.73:1111
x-ms-date: Wed, 13 Jan 2016 10:51:21 GMT
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0
Referer: http://192.168.1.73:1111/ler/worker-javascript.js
x-ms-version: 2009-09-19
FIREFOX RESPONSE : OK
HTTP/1.1 200 OK
Content-Length: 901296394
Content-Type: application/octet-stream
Last-Modified: Mon, 04 Jan 2016 15:04:35 GMT
ETag: 0x8D315185BA2E9F9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3f01cb92-0001-0045-09f0-4d137f000000
x-ms-version: 2009-09-19
x-ms-meta-CbModifiedTime: Mon, 04 Jan 2016 14:36:51 GMT
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-CbModifiedTime,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length
Access-Control-Allow-Origin: *
Date: Wed, 13 Jan 2016 10:51:21 GMT
- Edited by ler_orbit Wednesday, January 13, 2016 1:39 PM
Wednesday, January 13, 2016 1:19 PM
Answers
-
After reading the "Authentication" documentation again I found the answer to my own question.
In case of Safari, change:
var stringToSign: String = "HEAD"+"\n"+ ""+"\n"+ // Content_Encoding ""+"\n"+ // Content_Language ""+"\n"+ // Content_Length ""+"\n"+ // Content_MD5 ""+"\n"+ // Content_Type ""+"\n"+ // Date ""+"\n"+ // If_Modified_Since ""+"\n"+ // If_Match ""+"\n"+ // If_None_Match ""+"\n"+ // If_Unmodified_Since ""+"\n"+ // Range canonicalizedHeaders+ canonicalizedResource;
to:
var stringToSign: String = "HEAD"+"\n"+ ""+"\n"+ // Content_Encoding ""+"\n"+ // Content_Language "0"+"\n"+ // Content_Length ""+"\n"+ // Content_MD5 ""+"\n"+ // Content_Type ""+"\n"+ // Date ""+"\n"+ // If_Modified_Since ""+"\n"+ // If_Match ""+"\n"+ // If_None_Match ""+"\n"+ // If_Unmodified_Since ""+"\n"+ // Range canonicalizedHeaders+ canonicalizedResource;
- Marked as answer by ler_orbit Wednesday, January 13, 2016 2:54 PM
Wednesday, January 13, 2016 2:53 PM