diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index c7fb6c85..fad861fc 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -61,15 +61,17 @@ func CheckRequest(instance Auth, r *http.Request) error {
 	return instance.Check(getSignContent(r), sign[0])
 }
 
-// getSignContent 签名请求path、正文、以`X-`开头的header
-// 返回待签名/验证的字符串
+// getSignContent 签名请求 path、正文、以`X-`开头的 Header. 如果 Header 中包含 `X-Policy`，
+// 则不对正文签名。返回待签名/验证的字符串
 func getSignContent(r *http.Request) (rawSignString string) {
 	// 读取所有body正文
 	var body = []byte{}
-	if r.Body != nil {
-		body, _ = ioutil.ReadAll(r.Body)
-		_ = r.Body.Close()
-		r.Body = ioutil.NopCloser(bytes.NewReader(body))
+	if _, ok := r.Header["X-Policy"]; !ok {
+		if r.Body != nil {
+			body, _ = ioutil.ReadAll(r.Body)
+			_ = r.Body.Close()
+			r.Body = ioutil.NopCloser(bytes.NewReader(body))
+		}
 	}
 
 	// 决定要签名的header
diff --git a/pkg/filesystem/driver/remote/handler.go b/pkg/filesystem/driver/remote/handler.go
index 5b9b965f..0d3ebb46 100644
--- a/pkg/filesystem/driver/remote/handler.go
+++ b/pkg/filesystem/driver/remote/handler.go
@@ -49,6 +49,7 @@ func (handler Driver) List(ctx context.Context, path string, recursive bool) ([]
 		handler.getAPIUrl("list"),
 		bodyReader,
 		request.WithCredential(handler.AuthInstance, int64(signTTL)),
+		request.WithMasterMeta(),
 	).CheckHTTPResponse(200).DecodeResponse()
 	if err != nil {
 		return res, err
@@ -116,6 +117,7 @@ func (handler Driver) Get(ctx context.Context, path string) (response.RSCloser,
 		nil,
 		request.WithContext(ctx),
 		request.WithTimeout(time.Duration(0)),
+		request.WithMasterMeta(),
 	).CheckHTTPResponse(200).GetRSCloser()
 	if err != nil {
 		return nil, err
@@ -175,6 +177,7 @@ func (handler Driver) Put(ctx context.Context, file io.ReadCloser, dst string, s
 		}),
 		request.WithContentLength(int64(size)),
 		request.WithTimeout(time.Duration(0)),
+		request.WithMasterMeta(),
 	).CheckHTTPResponse(200).DecodeResponse()
 	if err != nil {
 		return err
@@ -206,6 +209,7 @@ func (handler Driver) Delete(ctx context.Context, files []string) ([]string, err
 		handler.getAPIUrl("delete"),
 		bodyReader,
 		request.WithCredential(handler.AuthInstance, int64(signTTL)),
+		request.WithMasterMeta(),
 	).CheckHTTPResponse(200).GetResponse()
 	if err != nil {
 		return files, err