Question
We have a problem with downloading files from the server in background mode. The HTTP header “Authorization” field is lost while redirecting the request to another server.
We made some experiments and noticed that other fields (even the same but with underscore symbol at the end “Authorization_”) work perfectly in redirect. Looks like this field is erased according to some security reasons like if different servers use different authentication data.
It is possible to append “Authorization” field manually in foreground mode using
https://stackoverflow.com/questions/23388103
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianURLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:
method. There’s a problem when we tried to use redirect request in background mode. Because according to the documentation "Tasks in background sessions automatically follow redirects.”.
I cannot find anything about skipping this field in RFC 2616, but suppose that probably there’s some undocumented solution to save “Authorization” field during redirect in background mode.
Let me assume that our front-end server may provide some special field in redirect response that would say that redirected server is trusted and we can use “Authorization” field without any modifications.
That is just an idea and probably we have to use it somehow else. Could you direct us please?
Solution
'Authorization' header is one from the 'special' headers that are advised not to be modified. This is from Apple's documentation (LINK):
The NSURLConnection class and NSURLSession classes are designed to handle various aspects >of the HTTP protocol for you. As a result, you should not modify the following headers:
- Authorization
- Connection
- Host
- WWW-Authenticate
