XMLHttpRequest / Authorization Header

Question

MartialLNetatmo OP

Created Sep ’15

Replies 8

Boosts 0

Views 9.8k

Participants

It seems like I can't add an Authorization Header to an XMLHttpRequest.

Here the javascript code :

 var xhr = new XMLHttpRequest();
xhr.open('GET', "http://localhost:8080", true);
xhr.setRequestHeader('Authorization', 'Bearer hefiafizepzgenozngopzngpzegn');
xhr.send();

Here the log on my local server :

 Request : /
Headers : {"host":"localhost:8080","accept":"*/","accept-language":"en-us","connection":"keep-alive","accept-encoding":"gzip, deflate","user-agent":"Test/1 CFNetwork/758.1.2 Darwin/14.5.0"}

Did I miss something ?

Thanks for your help

PS : Note that if I rename the header "X-Authorization" it works.

Answered by in 57467022

The authorization header among other headers are restricted. Mode details are available here: https://developer.apple.com/library/prerelease/ios/documentation/Cocoa/Reference/Foundation/Classes/NSMutableURLRequest_Class/#//apple_ref/occ/instm/NSMutableURLRequest/addValue:forHTTPHeaderField:

Boost

Answer 1

OP

Apple

Sep ’15

Accepted Answer

The authorization header among other headers are restricted. Mode details are available here: https://developer.apple.com/library/prerelease/ios/documentation/Cocoa/Reference/Foundation/Classes/NSMutableURLRequest_Class/#//apple_ref/occ/instm/NSMutableURLRequest/addValue:forHTTPHeaderField:

0

Answer 2

MartialLNetatmo OP

Sep ’15

Always read the doc ... Sorry

I never had problems using the Authorization header before. Is it a new restriction ? Well I will find a way around

Thank you for your answer !

0

Answer 3

adamv OP

Sep ’15

I am having the same exact issue. This isn't an issue on any other platform, I executed on Chrome just fine.

Anyone have a workaround???

0

Answer 4

adamv OP

Sep ’15

I submitted a bug to apple regarding this because I don't see a way around it without some hacky changes to my API.

0

Answer 5

adamv OP

Oct ’15

This bug has been fixed as of tvOS Beta 3!

Thanks Apple for listening and getting this working!

0

	var xhr = new XMLHttpRequest();
	xhr.open('GET', "http://localhost:8080", true);
	xhr.setRequestHeader('Authorization', 'Bearer hefiafizepzgenozngopzngpzegn');
	xhr.send();

	Request : /
	Headers : {"host":"localhost:8080","accept":"*/","accept-language":"en-us","connection":"keep-alive","accept-encoding":"gzip, deflate","user-agent":"Test/1 CFNetwork/758.1.2 Darwin/14.5.0"}