I was browsing through some authentication code in nodejs and restify written by a fellow programmer when I came across the following lines
if (req.header.authorization) {
// do soemthing
} else {
var cookieValues = req.cookies["demo"]
}
What got me confused is that nowhere in this code did I see any line that is setting the "header.authorization" property of the req object or response object.
what am I missing here ?
The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource. The Authorization header is usually, but not always, sent after the user agent first attempts to request a protected resource without credentials.
To send a GET request with a Bearer Token authorization header, you need to make an HTTP GET request and provide your Bearer Token with the Authorization: Bearer {token} HTTP header.
These can be stored in the browser local storage or session storage.
Authorization
is a request header, commonly use for HTTP Basic Auth. It would be set if the server requested authorization, and the browser then prompted the user for a username/password and sent it (base64-encoded) to the server with a subsequent request. For example:
Server sends:
WWW-Authenticate: Basic realm="your server"
Client sends:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
See also: http://en.wikipedia.org/wiki/Basic_access_authentication
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With