XMLHttpRequest / Authorization Header

App & System Services General
MartialLNetatmo OP
Created Sep ’15
Replies 8
Boosts 0
Views 9.4k
Participants 6

It seems like I can't add an Authorization Header to an XMLHttpRequest.


Here the javascript code :


var xhr = new XMLHttpRequest();
xhr.open('GET', "http://localhost:8080", true);
xhr.setRequestHeader('Authorization', 'Bearer hefiafizepzgenozngopzngpzegn');
xhr.send();


Here the log on my local server :


Request : /
Headers : {"host":"localhost:8080","accept":"*/","accept-language":"en-us","connection":"keep-alive","accept-encoding":"gzip, deflate","user-agent":"Test/1 CFNetwork/758.1.2 Darwin/14.5.0"}


Did I miss something ?


Thanks for your help


PS : Note that if I rename the header "X-Authorization" it works.

Answered by in 57467022

The authorization header among other headers are restricted. Mode details are available here: https://developer.apple.com/library/prerelease/ios/documentation/Cocoa/Reference/Foundation/Classes/NSMutableURLRequest_Class/#//apple_ref/occ/instm/NSMutableURLRequest/addValue:forHTTPHeaderField:

Replies  8
Boosts  0
Views  9.4k
Participants  6
OP
Apple
Sep ’15
Accepted Answer

The authorization header among other headers are restricted. Mode details are available here: https://developer.apple.com/library/prerelease/ios/documentation/Cocoa/Reference/Foundation/Classes/NSMutableURLRequest_Class/#//apple_ref/occ/instm/NSMutableURLRequest/addValue:forHTTPHeaderField:

0
MartialLNetatmo OP
Sep ’15

Always read the doc ... Sorry


I never had problems using the Authorization header before. Is it a new restriction ? Well I will find a way around


Thank you for your answer !

0
adamv OP
Sep ’15

I am having the same exact issue. This isn't an issue on any other platform, I executed on Chrome just fine.


Anyone have a workaround???

0
adamv OP
Sep ’15

I submitted a bug to apple regarding this because I don't see a way around it without some hacky changes to my API.

0
adamv OP
Oct ’15

This bug has been fixed as of tvOS Beta 3!


Thanks Apple for listening and getting this working!

0
loreto-parisi OP
Nov ’15

Could you please take a look at this issue with responseType for the XHR?
https://forums.developer.apple.com/thread/26643
Thank you.

0
PBartrina OP
Dec ’15

Is this confirmed? Can I modify the Authorization header?


The documentation hasn't changed.

0
eMAD OP
Jan ’16

This is confirmed, the Authorization header is not restricted anymore as I am able to call all my APIs with the Authorization header and it seems to be working fine 🙂

0
XMLHttpRequest / Authorization Header
First post date Last post date
 
 
Q