Request made by the browser does not contain the "authorization" header
See original GitHub issueI’m trying to use Vulcain on my API developed with api-platform created from the distribution made available in the api-platform doc.
My API is secured by two headers: “authorization” which contains a Bearer and “workspace” which contains an ID allowing the API to know on which workspace to retrieve the information.
I have a user object which contains a “defaultRoles” attribute which lists all the roles of the user.
So I applied the#[ApiProperty(push:true)]
annotation on this attribute.
When the browser makes sub-requests to retrieve the “defaultRoles/:id” resources, the API returns a 401 because the requests generated by the browser do not contain the “authorization” and “workspace” headers.
I couldn’t find any resources explaining how Vulcain works with a secure API.
How can I add the header in that request ?
Issue Analytics
- State:
- Created a year ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
The
push
option isn’t related to Vulcain (it’s an older feature) and doesn’t support authorization. We’ll probably remove this option in favor or Vulcain in a future version.To push a resource with vulcain you need to use the
Preload
header instead: https://Vulcain.rocksIn my case, I have a request that contains the header
authorization: Bearer ...
This request results in several requests made by the browser which do not contain an authorization header. Example of request made by the browser :
Is this behavior normal or is it due to a bad configuration? Or is it due to the /me route ?