Authorization header removed after redirect


I’m not sure if this is supposed to be a feature because my other custom headers were preserved. Accept-Encoding is doubled on the second request as well.

First Request:

GET http://mydomain HTTP/1.1
X-Intel-Loglevel: DEBUG
Accept: application/json
x-request-id: cd013990-c68f-450a-afb3-f5d31fef08b7
Authorization: my authorization
User-Agent: RestSharp 104.1.0.0
Accept-Encoding: gzip, deflate

First Response:

HTTP/1.1 302 Moved Temporarily
Location: https://mydomain

Second Request:

GET https://mydomain HTTP/1.1
X-Intel-Loglevel: DEBUG
Accept: application/json
x-request-id: cd013990-c68f-450a-afb3-f5d31fef08b7
User-Agent: RestSharp 104.1.0.0
Accept-Encoding: gzip, deflate,gzip, deflate

Issue Analytics

  • State: closed
  • Created 10 years ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

4 reactions
domenu commented, Jun 9, 2016

You can just assign a CredentialCache object to the request in the Authenticate method. Passing these credentials to a request indicates to the request that you allow them to be used, even for subsequent requests (redirects).

From this MSDN article:

A CredentialCache will not be removed from the Credentials property when redirecting because WebRequest knows where you will allow your credentials sent. You may also reuse your cache by assigning it to subsequent requests.

So a RestSharp BasicAuthenticator implementation could look like this:


    using System;
    using System.Linq;
    using System.Net;
    using System.Text;
    using RestSharp;

    public class BasicAuthenticator : IAuthenticator
    {
        private readonly string _baseUrl;
        private readonly string _userName;
        private readonly string _password;
        private readonly CredentialCache _credentialCache;

        public BasicAuthenticator(string baseUrl, string userName, string password)
        {
            _baseUrl = baseUrl;
            _userName = userName;
            _password = password;

            // Register the credentials for the base URL prefix and the Basic scheme only.
            _credentialCache = new CredentialCache
            {
                {new Uri(_baseUrl), "Basic", new NetworkCredential(_userName, _password)}
            };
        }

        public void Authenticate(IRestClient client, IRestRequest request)
        {
            // A CredentialCache stays on the request across redirects.
            request.Credentials = _credentialCache;

            // Do not add a second Authorization header if one is already present.
            if (request.Parameters.Any(parameter =>
                            parameter.Name.Equals("Authorization", StringComparison.OrdinalIgnoreCase)))
            {
                return;
            }
            request.AddParameter("Authorization", GetBasicAuthHeaderValue(), ParameterType.HttpHeader);
        }

        // Builds "Basic <base64(user:password)>" for the first request.
        private string GetBasicAuthHeaderValue()
        {
            return string.Format("Basic {0}",
                            Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}",
                                _userName, _password))));
        }
    }

0 reactions
carlin-q-scott commented, Oct 27, 2014

You can either use the unfriendly-urls or implement the fix suggested by Haacked and me.
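
The redirect case from this issue handled explicitly, as an added example (not RestSharp's code and not from the thread): automatic redirects are turned off and the Authorization header is re-sent only when the hop stays on the same host and does not downgrade from https to http. It uses HttpClient; the class name RedirectAuth, its method names and the same-host policy are assumptions of this example.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

// Hypothetical helper: follows redirects by hand so the caller decides where credentials go.
public static class RedirectAuth
{
    // Assumed policy: same host (any port), and never from https down to http.
    // Tighten to scheme + host + port if other services share the host.
    public static bool MayForwardAuthorization(Uri from, Uri to)
    {
        bool sameHost = string.Equals(from.Host, to.Host, StringComparison.OrdinalIgnoreCase);
        bool downgrade = from.Scheme == Uri.UriSchemeHttps && to.Scheme != Uri.UriSchemeHttps;
        return sameHost && !downgrade;
    }

    // The client must be created with automatic redirects off:
    //   new HttpClient(new HttpClientHandler { AllowAutoRedirect = false })
    public static async Task<HttpResponseMessage> GetAsync(
        HttpClient client, Uri uri, AuthenticationHeaderValue auth, int maxRedirects = 5)
    {
        Uri current = uri;
        bool sendAuth = true;
        for (int hop = 0; hop <= maxRedirects; hop++)
        {
            var request = new HttpRequestMessage(HttpMethod.Get, current);
            if (sendAuth) request.Headers.Authorization = auth;

            HttpResponseMessage response = await client.SendAsync(request);
            int status = (int)response.StatusCode;
            bool isRedirect = status == 301 || status == 302 || status == 303 || status == 307 || status == 308;

            if (!isRedirect || response.Headers.Location == null) return response;

            Uri next = new Uri(current, response.Headers.Location); // resolves a relative Location
            // Once the header has been dropped for a hop, it is not sent again on later hops.
            sendAuth = sendAuth && MayForwardAuthorization(current, next);
            response.Dispose();
            current = next;
        }
        throw new HttpRequestException("Too many redirects");
    }
}
```

For the 302 in the report (http://mydomain to https://mydomain) this policy re-sends the header, since the host is unchanged and the hop is an upgrade; a redirect to any other host goes out without it.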


Top Results From Across the Web

Beware of HTTP Redirects! - Muhammad Azeez
And when an HTTP call gets redirected, the Authorization header is removed as explained by the official docs. This behavior seems to be ......

Remove Authorization header upon cross-origin redirect
The Fetch standard has updated to remove Authorization header on cross origin redirects. Chrome should follow the spec change.

Authorization header is missing on redirect URL to the ...
The problem I am facing is that the Authorization header is not appended to the redirected URL, it is only appended to the...

Authorization Header not removed for 302 redirect URL by ...
Using HTTP request operation I am passing the token in the header along with the URL. After reaching the server it is getting...

Remove Authorization header upon cross-origin redirect
Remove Authorization header on cross origin redirects to scope a developer-controlled Authorization header to the origin of the initial request.
