
How to prevent/override authorization header in Safari?

I have a web page under / which requires Basic auth. Under /api/* a REST API is served which requires a JWT token passed in the Authorization header.

In Chrome it works fine: when I load the web page it asks me for Basic credentials, and then the web page performs AJAX requests to /api/* along with the JWT in the Authorization header.

In Safari, however, all AJAX requests are sent with the Authorization header set to the Basic credentials, and it does not allow setting the JWT in the Authorization header...

Is there any workaround for this situation?

I am setting JWT for AJAX requests like this:

$.ajaxSetup({
  headers: {'Authorization': accessToken}
});
user606521 asked Apr 22 '16 09:04


1 Answer

I had this problem and probably it's a bug in Safari.

The request from Safari:

[image]

The same request in Wireshark:

[image]

Solution: don't use basic auth or change the authorization header name (e.g. use X-My-Api-Auth).

Anton Shurashov answered Sep 20 '22 05:09
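
The answer's second workaround (carry the JWT in a custom header such as X-My-Api-Auth and leave Authorization to the browser's Basic credentials), sketched as an added example that is not part of the original post. The function names, the JWT shape check and the fallback to Authorization for clients that can still set it are assumptions of this example.

```javascript
// Added example. X-My-Api-Auth is the header name suggested in the answer;
// every function name and sample value here is constructed for illustration.
const API_AUTH_HEADER = 'X-My-Api-Auth';

// Client side: pass to $.ajaxSetup({ headers: apiRequestHeaders(accessToken) }).
// Authorization is left alone so the browser keeps sending Basic credentials.
function apiRequestHeaders(accessToken) {
  return { [API_AUTH_HEADER]: accessToken };
}

// Header names are case-insensitive; Node lowercases them, other stacks may not.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return Array.isArray(value) ? value[0] : value;
  }
  return undefined;
}

// Shape check only (three base64url segments). Signature and claims must still
// be verified by a JWT library before the token is trusted.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Server side, for /api/*: returns { token, source } or { token: null, reason }.
function extractApiToken(headers) {
  const custom = getHeader(headers, API_AUTH_HEADER);
  if (custom !== undefined) {
    const token = custom.replace(/^Bearer\s+/i, '').trim();
    return JWT_SHAPE.test(token)
      ? { token, source: 'custom-header' }
      : { token: null, reason: 'malformed token in custom header' };
  }
  const auth = getHeader(headers, 'Authorization');
  if (auth === undefined) return { token: null, reason: 'no credentials' };
  const [scheme, value = ''] = auth.trim().split(/\s+/, 2);
  if (/^basic$/i.test(scheme)) {
    // The page-level Basic credentials, as Safari sends them: never an API token.
    return { token: null, reason: 'basic credentials are not an API token' };
  }
  // Clients that can set Authorization send the JWT bare (as in the question's
  // $.ajaxSetup call) or as "Bearer <jwt>".
  const token = /^bearer$/i.test(scheme) ? value : auth.trim();
  return JWT_SHAPE.test(token)
    ? { token, source: 'authorization' }
    : { token: null, reason: 'malformed token in Authorization' };
}
```

Logging and proxy layers that redact Authorization by default often do not know about a custom header, so X-My-Api-Auth should be added to their redaction lists.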