a month ago

When the API call reaches the Service, why is the Authorization header being removed?

When making an xhr call from the UI to the Backend service, we noticed that the Authorization header, with the jwt, is present in the request. However, upon receiving the api call, the Authorization header is missing. The code snippet below shows how the header is set in the xhr call.

const xhr = new XMLHttpRequest();'PUT', url, true);
xhr.setRequestHeader('Authorization', `Bearer ${jwtToken}`);
  'private, no-cache, no-store, must-revalidate'
xhr.setRequestHeader('Pragma', 'no-cache');
xhr.setRequestHeader('Expires', '0');
This issue occurs intermittently and the root cause has yet to be identified.

a month ago
Verified Answer
The issue you are facing is that the Authorization header is not being sent to the backend service intermittently. One possible reason for this could be that the Authorization header is not being included in the preflight request. According to MDN Web Docs, the Authorization HTTP header may be added to a request, but will be removed if the request is redirected cross-origin. One solution to this issue is to include the Authorization header directly in your call instead of using beforeSend hook. You can do this by adding the following line of code:
Make sure that the Authorization header is present in your request.I hope this helps! Let me know if you have any other questions.


Ajax CORS Request with http 401 in preflight - Stack Overflowjavascript - Authorisation header is getting removed when api call ...XMLHttpRequest.setRequestHeader () - Web APIs | MDNHow to assign basic authentication header to XMLHTTPREQUEST?
a month ago
There could be a few possible reasons why the Authorization header is not being received by the backend service: 1. CORS issue: The backend service may not be configured to allow requests with the Authorization header from the domain where the UI is hosted. This can cause the header to be stripped out before it reaches the backend. To resolve this, you may need to configure the backend to allow requests from the domain where the UI is hosted or add the necessary CORS headers to the API response. 2. Network issue: It's possible that the Authorization header is being lost somewhere in the network between the UI and the backend. This could be due to network latency, connection drops, or other network issues. To troubleshoot this, you can use network debugging tools to inspect the request and response headers at various points along the network path. 3. Code issue: There may be a bug in the code that is causing the Authorization header to be dropped intermittently. This could be due to a race condition, variable scoping issue, or other coding mistake. To troubleshoot this, you can add logging statements to the code to track the flow of the header and identify any potential issues. Overall, it's important to thoroughly investigate each of these possibilities to identify the root cause and determine the appropriate solution.