Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Authorization Bearer token header not sent since RC5 update in HTTP GET

See original GitHub issue

**I’m submitting a BUG

[x ] bug report
[ ] feature request
[ ] support request => Please do not submit support request here, instead see https://github.com/angular/angular/blob/master/CONTRIBUTING.md#question

Current behavior After angular 2 rc5, the http get request no longer sets the Authorization header in a HTTP Request

Expected/desired behavior Authorization: Bearer XXXXXXX

Expected: (rc4)

GET https://localhost:44390/api/DataEventRecords/ HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjA2RDNFNDZFOTEwNzNDNUQ0QkMyQzk5ODNCRTlGRjQ0OENGNjQwRDQiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJCdFBrYnBFSFBGMUx3c21ZTy1uX1JJejJRTlEifQ.eyJuYmYiOjE0NzA4OTI0MjEsImV4cCI6MTQ3MDg5NjAyMSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNDUiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDM0NS9yZXNvdXJjZXMiLCJjbGllbnRfaWQiOiJhbmd1bGFyMmNsaWVudCIsInNjb3BlIjpbImRhdGFFdmVudFJlY29yZHMiLCJzZWN1cmVkRmlsZXMiLCJvcGVuaWQiXSwic3ViIjoiNDg0MjExNTciLCJhdXRoX3RpbWUiOjE0NzA4OTI0MTksImlkcCI6Imlkc3ZyIiwicm9sZSI6WyJhZG1pbiIsImRhdGFFdmVudFJlY29yZHMuYWRtaW4iLCJkYXRhRXZlbnRSZWNvcmRzLnVzZXIiLCJkYXRhRXZlbnRSZWNvcmRzIiwic2VjdXJlZEZpbGVzLnVzZXIiLCJzZWN1cmVkRmlsZXMuYWRtaW4iLCJzZWN1cmVkRmlsZXMiXX0.KX2WFC5mtaQGqtV8e3MPcQHwnTAt5qagA0MuJwn503AMgQ6Gr-micskvbWd_qjPI7lzqdO-aYZwoOXcUzk2DEF0GIZxqrLQR-9Ebe7a3BjCGLBRPFx2OdqH4upYhqhZDTU-l0urD9EWgulpfOBR2KYPuBoIW3e_iwL8JDQ1dLASWjFVcwxlo61TrFztT8mhFVNWAavW-vtjljsR23aj85W7c7ycY7odmc-e5I-TIsillisMXAj_n5zmqioVXYJ4L2NTOa98MykJP8G096WWTP53YmH9bFonSb7NQJzdcAAyi-EqqLAFUZ_Tfq2dMUClqXXuhkwB2pX_8hEhbp4uw-A
Referer: https://localhost:44311/dataeventrecords

Sent: (rc5)

GET https://localhost:44390/api/DataEventRecords/ HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Negotiate oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAABXCiOIGA4AlAAAAD7uyRNJyP1zX0U92HzLXCO2jEgQQAQAAANoBO4r/5cFiAAAAAA==
Referer: https://localhost:44311/

Reproduction of the problem

https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow/blob/devAngular2rc5/src/Angular2Client/wwwroot/app/dataeventrecords/DataEventRecordsService.ts

 private setHeaders() {

        console.log("setHeaders started");

        this.headers = new Headers();
        this.headers.append('Content-Type', 'application/json');
        this.headers.append('Accept', 'application/json');

        var token = this._securityService.GetToken();
        if (token !== "") {
            let tokenValue = 'Bearer ' + token;
            console.log("tokenValue:" + tokenValue);
            this.headers.append('Authorization', tokenValue);
        }
    }

    public GetAll = (): Observable<DataEventRecord[]> => {
        this.setHeaders();
        let options = new RequestOptions({ headers: this.headers, body: '' });

        return this._http.get(this.actionUrl, options).map(res => res.json());
}

What is the expected behavior? The Bearer token should be sent with the HTTP Request

What is the motivation / use case for changing the behavior?

Security

Please tell us about your environment:

Angular version: 2.0.0-rc.5
Browser: [all | Chrome XX | Firefox XX | IE XX | Safari XX | Mobile Chrome XX | Android X.X Web Browser | iOS XX Safari | iOS XX UIWebView | iOS XX WKWebView ]
Language: [all | TypeScript 1.8.10 | ES6/7 | ES5]

Issue Analytics

State:
Created 7 years ago
Reactions:2
Comments:6

Top GitHub Comments

2reactions

cristimusatcommented, Aug 11, 2016

I am also using token authorization and have no problems with RC5. my code is

securedGet(getURL: string, token:string) {
            let headers = new Headers();
            headers.append('Content-Type', 'application/json');
            headers.append('Authorization', 'bearer ' + token);
            let obs = new Observable(observer => {
                this.http.get(getURL, {headers: headers, body: ''}).subscribe(
                    (response: Response) => {
                        observer.next(response);
                        observer.complete();
                    },
                    error=> {
                        observer.error(error);
                    });
            });
            return obs;
    }

0reactions

angular-automatic-lock-bot[bot]commented, Sep 10, 2019

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}