Context
XHR requests with an authorization header over HTTPS (both together) do not reach the server using Safari (iOS and macOS). But it works with IE, Chrome and Firefox.
I am using a valid certificate generated by Letsencrypt and browsers do not display a warning about this.
In Safari Web Inspector, these XHRs try to get the result before the timeout and no errors are displayed.
I have one domain and no subdomain.
Test
- Authorization Header + HTTPS => Doesn't work
- Authorization Header + No HTTPS (HTTP) => Works
- No authorization header + HTTPS => Works
The code
I use an interceptor to set the authorization header.
    this.request = (config) => {
        config.headers = config.headers || {};
        var authData = localStorageService.get('authorizationData');
        // Skip the token endpoint itself; every other request gets the bearer token.
        if (authData && config.url && !config.url.endsWith("/token")) {
            // Note: this replaces the whole headers object.
            config.headers = { "Authorization": 'Bearer ' + authData.access_token };
            config.withCredentials = true;
        }
        return config;
    }
Has anyone encountered the same problems?
UPDATE 1
There is something wrong with the Safari + HTTPS + Authorization header. If I rename "Authorization" to "MyHeader" and do some modification on the server to get a bearer token with the "MyHeader" token, everything will be fine.
Is the "Authorization" header a protected word when using HTTPS on Safari?
Nicolas law-dune
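An added example, not the poster's code and not claimed to resolve the Safari behaviour: a variant of the interceptor logic above that merges the Authorization header into the existing headers instead of replacing the object, and attaches the bearer token only to same-origin HTTPS requests. The names `attachBearer`, `getAuthData` and `pageOrigin`, and the `app.example` origin, are hypothetical; refusing to send the token over plain HTTP is a policy assumed here.

```javascript
// Added example. attachBearer, getAuthData and pageOrigin are hypothetical names.
// Returns a copy of the request config with the bearer token attached only when
// the target is same-origin, uses HTTPS, and is not the token endpoint.
function attachBearer(config, getAuthData, pageOrigin) {
  const out = Object.assign({}, config);
  // Merge instead of replacing, so headers set elsewhere (Accept, CSRF, ...) survive.
  out.headers = Object.assign({}, config.headers);

  const authData = getAuthData();
  if (!authData || !authData.access_token || !config.url) return out;

  let target;
  try {
    target = new URL(config.url, pageOrigin); // also resolves relative URLs
  } catch (e) {
    return out; // unparsable URL: send the request without the token
  }

  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  const isHttps = target.protocol === "https:";
  // Checked on the path only, so a query string cannot hide the token endpoint.
  const isTokenEndpoint = target.pathname.endsWith("/token");

  if (sameOrigin && isHttps && !isTokenEndpoint) {
    out.headers["Authorization"] = "Bearer " + authData.access_token;
    out.withCredentials = true;
  }
  return out;
}

// Constructed sample input (not taken from the post).
const sample = attachBearer(
  { url: "/api/items", headers: { Accept: "application/json" } },
  () => ({ access_token: "constructed-token" }),
  "https://app.example"
);
console.log(sample.headers);
```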