I am trying to send an OAuth access token in an HTTP header via NSURLConnection but it doesn\'t seem to be sending the header because the API keeps giving me an error saying tha
@isair's answer is truly a lifesaver.
Just to add on the root cause if you're interested:
NSURLRequest defines a set of reserved HTTP headers. And surprisingly, Authrorization
is part of it.
The URL Loading System handles various aspects of the HTTP protocol for you (HTTP 1.1 persistent connections, proxies, authentication, and so on). As part of this support, the URL Loading System takes responsibility for certain HTTP headers:
Content-Length
Authorization
Connection
Host
Proxy-Authenticate
Proxy-Authorization
WWW-Authenticate
If you set a value for one of these reserved headers, the system may ignore the value you set, or overwrite it with its own value, or simply not send it. Moreover, the exact behavior may change over time. To avoid confusing problems like this, do not set these headers directly.
In @isair's case, it's highly likely that URLs without a trailing slash had triggered such "filtering" behaviour. This maybe an inconsistency in the implementation but we don't have access to the source code to verify that.
In my case, I was writing a React webapp that uses Authorization
header to authenticate with the backend Django server. The app behaved perfectly on desktop Chrome but always failed to access login-required
APIs on the iPhone (both Safari and Chrome), due to the missing Authorization
header.
The ideal solution is to avoid using Authorization
at all. But if you're communicating with a backend framework that specifically requires it (e.g. Django Rest Framework's token authentication). @isair's answer can be a good workaround.