This page lists the known limitations of organization restrictions.
Organization restrictions header service failure
If the organization restrictions header service fails because of an internal failure, access to the organization resource is not restricted: the request is allowed without checking its header.
Organization restrictions doesn't use the current empty header value for requests utilizing the same TLS connection
If subsequent requests reuse the same TLS connection and the header value in the current request is empty, the header value from the previous request is used for the organization restrictions check.
Organization restrictions fails to continue resumable uploads
When you use organization restrictions, the exact value of the x-goog-allowed-resources header used to initiate the Cloud Storage resumable upload session must persist for all subsequent data upload requests that use the session ID. Each of those requests must either contain exactly the same base64-encoded value or omit the header entirely. Otherwise, the data upload requests fail with the following error:
Mismatched organization restriction in resumable upload.
Workaround: Reinitialize the resumable upload session and start the data upload process again.
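A client-side pre-flight check for the resumable upload rule above, as an added example that is not part of the original page or of Google's code: it pins the header value sent at session initiation and flags any later chunk whose value differs, including the same policy re-encoded with different JSON spacing. The class and function names, the JSON shape of the policy, the URL-safe base64 variant and the organization ID are assumptions made for illustration.

```python
import base64
import json

HEADER = "x-goog-allowed-resources"


class HeaderMismatch(Exception):
    """The chunk would be rejected with the mismatch error quoted above."""


def encode(policy: dict, compact: bool = True) -> str:
    # Assumption: the value is base64 over a JSON document; the page only
    # says "base64 encoded value". Spacing changes the encoded bytes.
    seps = (",", ":") if compact else (", ", ": ")
    raw = json.dumps(policy, separators=seps).encode()
    return base64.urlsafe_b64encode(raw).decode()


def header_value(headers: dict):
    """Case-insensitive lookup; returns None when the header is absent."""
    for name, value in headers.items():
        if name.lower() == HEADER:
            return value
    return None


class PinnedUploadSession:
    """Remembers the header value sent when the session was initiated."""

    def __init__(self, init_headers: dict):
        self.pinned = header_value(init_headers)

    def check_chunk(self, headers: dict) -> str:
        value = header_value(headers)
        if value is None:
            return "omitted"            # allowed: header left out entirely
        if value == self.pinned:
            return "identical"          # allowed: exactly the same string
        raise HeaderMismatch("reinitialize the resumable upload session")


# Constructed sample policy (not from the page).
POLICY = {"resources": ["organizations/123456789"], "options": "strict"}


def demo() -> list:
    session = PinnedUploadSession({HEADER: encode(POLICY)})
    results = []
    for chunk in ({}, {"X-Goog-Allowed-Resources": encode(POLICY)},
                  {HEADER: encode(POLICY, compact=False)}):
        try:
            results.append(session.check_chunk(chunk))
        except HeaderMismatch:
            results.append("mismatch")
    return results
```

The third chunk carries the same policy as the initiation request, but the re-serialized JSON produces a different base64 string, so it is treated as a mismatch.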