Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request made by the browser does not contain the "authorization" header

See original GitHub issue

I’m trying to use Vulcain on my API developed with api-platform created from the distribution made available in the api-platform doc.

My API is secured by two headers: “authorization” which contains a Bearer and “workspace” which contains an ID allowing the API to know on which workspace to retrieve the information.

I have a user object which contains a “defaultRoles” attribute which lists all the roles of the user. So I applied the#[ApiProperty(push:true)]annotation on this attribute. When the browser makes sub-requests to retrieve the “defaultRoles/:id” resources, the API returns a 401 because the requests generated by the browser do not contain the “authorization” and “workspace” headers.

I couldn’t find any resources explaining how Vulcain works with a secure API.

How can I add the header in that request ?

Issue Analytics

State:
Created a year ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

dunglascommented, Jul 19, 2022

The push option isn’t related to Vulcain (it’s an older feature) and doesn’t support authorization. We’ll probably remove this option in favor or Vulcain in a future version.

To push a resource with vulcain you need to use the Preload header instead: https://Vulcain.rocks

0reactions

JoDarma-lpcommented, Jul 21, 2022

In my case, I have a request that contains the header authorization: Bearer ...

/users/me?preload=“/defaultRoles/*”

This request results in several requests made by the browser which do not contain an authorization header. Example of request made by the browser :

/roles/CONCEPTEUR_DE_MODELE

Is this behavior normal or is it due to a bad configuration? Or is it due to the /me route ?

Top Results From Across the Web

http2 - Request made by the browser does not contain the ...

My API is secured by two headers: "authorization" which contains a Bearer and "workspace" which contains an ID allowing the API to know...

Why authorization header not included in request ? - Auth0

The reason for that is this request from the browser is not including the Authorization header, unlike postman.

Authorization - HTTP - MDN Web Docs - Mozilla

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......

How to get an access token with Auth Code Grant | DocuSign

Before you can make any API calls using Authorization Code Grant, ... The request must contain an Authorization header that holds your access...

HTTP/1.1: Header Field Definitions

Note: If the request does not include an Accept-Encoding field, and if the ... 401 response--does so by including an Authorization request-header field...