Context
XHR requests with an Authorization header over HTTPS (both together) don't reach the server when using Safari (iOS and macOS), but they work with IE, Chrome and Firefox.
I use a valid certificate generated by Let's Encrypt and browsers don't display warnings about it.
In Safari's web inspector, these XHRs keep trying to get a result until they time out, and no errors are displayed.
I have one domain and no sub-domain.
Test
Code
I use an interceptor to set the Authorization header.

    this.request = (config) => {
        config.headers = config.headers || {};
        var authData = localStorageService.get('authorizationData');
        if (authData && config.url && !config.url.endsWith("/token")) {
            config.headers = { "Authorization": 'Bearer ' + authData.access_token };
            config.withCredentials = true;
        }
        return config;
    }

Has anyone encountered the same problems?
UPDATE 1
There is something wrong with Safari + HTTPS + "Authorization" header. If I rename "Authorization" to "MyHeader" and make some modifications on the server to retrieve my bearer token from "MyHeader", everything works well.
Is the "Authorization" header a protected word when using HTTPS on Safari?
However, the HTTPS site no longer works and there is no way to prevent Safari from trying to load it.
If the site has previously indicated to Safari that it wishes to always be accessed over HTTPS through HSTS (HTTP Strict Transport Security), then Safari will always try to redirect to HTTPS. You can clear the HSTS cache by deleting ~/Library/Cookies/HSTS.plist.
The workaround for me was to disable the authentication on the server, open the web app, let it load, then re-enable the authentication. The web app then works. This is fine for the two devices that no longer work, but I now have to stop people upgrading until there is a fix.
Right click on the Trash icon in the Dock and select “Open”. Right click on the com.apple.Safari.plist and select “Put Back”. Select “Replace” from the dialog when it appears. Go step by step and test. 1. If Safari is slow, stops responding, quits unexpectedly, or has other issues
I also faced a similar problem with Safari where 'Authorization' in the header was not sent in the GET request, but it ended up being a simple thing.
I simply appended a '/' at the end of the request URL and it worked for me.
For example, change the URL from '/token' to '/token/'.
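Changing '/token' to '/token/' as suggested above also changes what the question's interceptor does: its endsWith("/token") check no longer matches, so the bearer token is attached to the token request as well whenever stored authorization data exists. The following is an added example, not code from the original posts, of an interceptor body that tolerates a trailing slash or query string, keeps existing headers, and sends the token only to same-origin HTTPS URLs; APP_ORIGIN and the function names are assumptions.

```javascript
// Added example, not the asker's code. APP_ORIGIN is a constructed
// placeholder; substitute the real origin of the site.
const APP_ORIGIN = 'https://app.example';
const TOKEN_SUFFIX = '/token'; // same suffix the question's interceptor tests

// True when the request path ends in /token, with or without a trailing
// slash or query string ('/token', '/token/', '/token?x=1').
function isTokenEndpoint(url, origin = APP_ORIGIN) {
  const path = new URL(url, origin).pathname.replace(/\/+$/, '');
  return path.endsWith(TOKEN_SUFFIX);
}

// Send the bearer token only to same-origin HTTPS URLs that are not the
// token request itself, so it never leaves the site or travels in clear text.
function shouldAttachBearer(url, origin = APP_ORIGIN) {
  const target = new URL(url, origin);
  return target.protocol === 'https:' &&
         target.origin === origin &&
         !isTokenEndpoint(url, origin);
}

// Interceptor body: returns a copy of config with Authorization merged into
// the existing headers instead of replacing the whole headers object.
function authorizeRequest(config, authData, origin = APP_ORIGIN) {
  const result = Object.assign({}, config);
  result.headers = Object.assign({}, config.headers);
  if (authData && authData.access_token && config.url &&
      shouldAttachBearer(config.url, origin)) {
    result.headers.Authorization = 'Bearer ' + authData.access_token;
    result.withCredentials = true; // kept from the question's interceptor
  }
  return result;
}
```
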
When an HTTP request made via Safari is made to any URL that contains words like login, token, etc., Safari automatically adds an Accept-Encoding header that breaks al