Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

NSURLRequest lost HTTP header “Authorization” while redirecting the request

We have a problem with downloading files from the server in background mode. The HTTP header “Authorization” field is lost while redirecting the request to another server.

We made some experiments and noticed that other fields (even the same but with underscore symbol at the end “Authorization_”) work perfectly in redirect. Looks like this field is erased according to some security reasons like if different servers use different authentication data.

It is possible to append “Authorization” field manually in foreground mode using

URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:

method. There’s a problem when we tried to use redirect request in background mode. Because according to the documentation "Tasks in background sessions automatically follow redirects.”.

I cannot find anything about skipping this field in RFC 2616, but suppose that probably there’s some undocumented solution to save “Authorization” field during redirect in background mode.

Let me assume that our front-end server may provide some special field in redirect response that would say that redirected server is trusted and we can use “Authorization” field without any modifications.

That is just an idea and probably we have to use it somehow else. Could you direct us please?

like image 738
gN0Me Avatar asked Apr 30 '14 12:04

gN0Me


1 Answers

'Authorization' header is one from the 'special' headers that are advised not to be modified. This is from Apple's documentation (LINK):

The NSURLConnection class and NSURLSession classes are designed to handle various aspects >of the HTTP protocol for you. As a result, you should not modify the following headers:

  • Authorization
  • Connection
  • Host
  • WWW-Authenticate
like image 110
Rafał Augustyniak Avatar answered Oct 05 '22 04:10

Rafał Augustyniak