Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

1.1.0 doesn't add the authorisation bearer to the header

See original GitHub issue

Upgraded from beta9 to 1.1.0 because #477 is fixed but, now something else seems to be broken.

I can’t see the authorisation Bearer part anywhere in the header. I tried adding localhost to the whitelist, but that didn’t help as well. Is something else changed?

Issue Analytics

State:
Created 6 years ago
Reactions:11
Comments:39 (7 by maintainers)

Top GitHub Comments

42reactions

crookseycommented, Mar 23, 2018

Seeing as how this library can sometimes be buggy, I decided to write my own HTTP_INTERCEPTOR, very easy, simply replace ‘rawJWT’ with the location of your JWT from local storage.:

import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs/Observable';

@Injectable()
export class JwtHttpInterceptor implements HttpInterceptor {
  constructor() {}
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    const token = localStorage.getItem('rawJWT');
      let clone: HttpRequest<any>;
      if (token) {
        clone = request.clone({
          setHeaders: {
            Accept: `application/json`,
            'Content-Type': `application/json`,
            Authorization: `Bearer ${token}`
          }
        });
      } else {
        clone = request.clone({
          setHeaders: {
            Accept: `application/json`,
            'Content-Type': `application/json`
          }
        });
      }
      return next.handle(clone);
  }
}

Then in app.module.ts (note you have to import the above first as normal)

providers: [
    { provide: HTTP_INTERCEPTORS, useClass: JwtHttpInterceptor, multi: true },

This library is great for decoding JWT’s but this is not the first time an update has broken the code, so with this easy code I can control how and where my JWT gets sent

10reactions

1619digitalcommented, Mar 15, 2018

Repeating from #481 - If you leave the whitelist empty the isWhitelistedDomain method will always return false. It will never match anything, and hence never send the authorization headers. (This is contrary to the documentation, which implies that having an empty whitelist will match local domain requests.) Furthermore, adding localhost won’t work, because the domain for a domain-less request is null.

Workaround - If you use domain-less routes, the workaround is to add the null domain to the whitelist, which you can do through a RegExp. In other words, do this:

whitelistedDomains: [ /^null$/ ]