Server Side HTTP 303 redirect not persisting request header (Safari + IE)
https://stackoverflow.com/questions/22158510
-
19-10-2022 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My webapp is making a ajax HTTP request to my server with a GET request, which will respond with 303 status code. (I believe) the browser handles this redirect and makes a GET request following Location header from previous 303 response. Only problem is that my initial response (resulted in 303) had a request header, Authentication. On Safari and IE, this header is not forwarded to the redirect GET request (Chrome and Firefox has no problem). This header is very important, without it, my GET request results in 401 Unauthorized.
I'm very naive with the underlying structure browser behaviour, I'm confused with the following things:
- Is it really the browser handling the 303 HTTP redirect?
- How does Firefox and Chrome foward or persist request header for redirect request?
- Should I expect Safari and IE be able to forward my request header on the redirect, like Chrome and Firefox do?
- Is there anywhere, on the client side, I can interfere with the redirect request - so I can set the request header?
My initial HTTP request
Request URL: DOMAIN/integrator/profiles/campus/default
Request Headers
Authorization:Bearer f85a5ce3-7c08-4e4d-a1b3
Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json
Referer:http://localhost:3007/html5storefront/
X-Requested-With:XMLHttpRequest
Status Code:303 See Other
Response Headers
Cache-Control:no-cache
Connection:Keep-Alive
Content-Length:0
Content-Type:application/json
Date:Mon, 03 Mar 2014 21:38:13 GMT
Keep-Alive:timeout=5, max=99
Location:http://localhost:3007/integrator/profiles/campus/gi4dgqzsgrbuelkegmydoljug4ztgl
Server:Apache-Coyote/1.1
Request URL: DOMAIN/integrator/profiles/campus/gi4dgqzsgrbuelkegmydoljug4ztgl
Redirect request by Chrome (similar on Firefox)
Authorization:Bearer f85a5ce3-7c08-4e4d-a1b3
Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json
Referer:http://localhost:3007/html5storefront/
X-Requested-With:XMLHttpRequest
Request URL: DOMAIN/integrator/profiles/campus/gi4dgqzsgrbuelkegmydoljug4ztgl
Redirect request by Safari (similar on IE)
Referer:http://localhost:3007/html5storefront/
X-Requested-With:XMLHttpRequest
Please note the abscence of Authorization header on the redirected request by Safari.
Thank you all for reading my question.
No correct solution
