Authorization header is not encrypted over HTTPS

余生颓废 提交于 2021-02-08 14:08:28

问题


I am currently consuming a REST API which uses HTTP Basic Authentication.

Based on the below picture, isn't the Authorization header supposed to be encrypted once I am using an Angular app over an HTTPS connection?


回答1:


With HTTPS, the HTTP requests/responses are sent over an SSL/TLS connection. It ensures that the entire message (including the headers) is encrypted when it is sent over the wire. If anyone intercepts the message, they won't be able to read the actual content.

However, the headers are still visible to both client and server. That's why Chrome DevTools and other debugging tools will show the values as plain text.



来源:https://stackoverflow.com/questions/50943719/authorization-header-is-not-encrypted-over-https

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!