Authorization header on 2.3.4 gets 400 bad request

问题

I'm trying to get my simple app working on Android 2.3.4 - gingerbread. The first request I make to the server is for authentication. For making requests I am using RetroFit.

However, I'm getting the error below when trying to make a request from a phone that has gingerbread on it.

05-09 16:21:44.724    4706-4734/com.myapp.mobile D/Retrofit﹕ <--- HTTP 400 https://myserver.com/myservice/user/signin (2318ms)
05-09 16:21:44.740    4706-4734/com.myapp.mobile D/Retrofit﹕ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>400 Bad Request</title>
    </head><body>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    </p>
    <hr>
    <address>Apache/2.2.15 (CentOS) Server at localhost Port 443</address>
    </body></html>

The request I'm making is this:

@GET("/user/signin")
@Headers({"Content-type: application/json"})
User signin(@Header("Authorization") String value);

I'm building the adapter like this:

private final RestAdapter REST_ADAPTER = new RestAdapter.Builder()
        .setServer(API_URL)
        .setLogLevel(RestAdapter.LogLevel.FULL)
        .build();

private final MyTaskService MY_SERVICE = REST_ADAPTER.create(MyTaskService.class);

The same code base works perfectly fine on a newer API (I've tried API 15+).

Is there any reason why the Authorization request would fail on gingerbread?

回答1:

I know, old thread, but I ran into the same problem and didn't find a solution here. So I investigated and found what the problem was for me. We use Volley, though.

The actual problem was when using code like:

    String auth = "Basic " + Base64.encodeToString(creds.getBytes(), Base64.DEFAULT);
    headers.put("Authorization", auth);

When we simply do

    headers.put("Authorization", "Basic asd123ASD123asd");

it works.

Why?

Well, I don't know why Android 2.3 behaves differently than the newer Androids, of course, but that Base64.encodeToString() introduced a new line character. I figured this our using Wireshark. This new line breaks the HTTP header into two, hence you get two responses from the server with the latter one being a 400 Bad Request, which is displayed in Logcat.

If someone is interested in how I figured this out, don't hestitate to ask! But since this question is quote old and without response, I guess there is not much interest and I save the time of explaining HTTP and taking screenshots.

来源：https://stackoverflow.com/questions/23573692/authorization-header-on-2-3-4-gets-400-bad-request