missing Authorization header in production mode only


I have a Spring + Angular project, and I am missing the Authorization header in production mode only. My CORS config in the backend is:

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
@EnableWebMvc
public class WebConfig implements WebMvcConfigurer {

    // Global CORS mapping: only the S3 website origin is allowed, with credentials.
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("http://oncf-app.s3-website.eu-north-1.amazonaws.com")
                .allowedMethods("*")
                .allowedHeaders("*")
                .exposedHeaders("*")
                .maxAge(3600)
                .allowCredentials(true);
    }
}

In the frontend I use an interceptor to inject the token in the "Authorization" header of the requests sent from the frontend to the backend. The interceptor:

import { Injectable, inject } from '@angular/core';
import { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';
import { Observable } from 'rxjs';
import { TokenService } from './token.service'; // import path assumed; not shown in the question

@Injectable()
export class JwtInterceptor implements HttpInterceptor {
  #tokenService = inject(TokenService);

  intercept(request: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
    // Attach the bearer token to every request except the unsecured /auth and /test paths.
    if (!request.url.includes('/auth') && !request.url.includes('/test')) {
      const newRequest = request.clone({
        headers: request.headers.set(
          'Authorization',
          'Bearer ' + this.#tokenService.getToken()
        ),
      });
      return next.handle(newRequest);
    } else return next.handle(request);
  }
}

The problem is that in development mode this approach works fine and the requests emitted from the frontend contain the token, but when I deploy it, the requests emitted from the frontend no longer contain the "Authorization" header. Also, in development mode the response contains the "Access-Control-Allow-Origin", "Access-Control-Expose-Headers" and "Access-Control-Allow-Credentials" headers, but in production mode the response is missing these headers. In my S3 bucket, I gave CORS this configuration:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "http://oncf-app.s3-website.eu-north-1.amazonaws.com"
        ],
        "ExposeHeaders": []
    }
]

As you can see, there are two paths that are not secured ('/auth' and '/test'). I tried to log in using the '/auth' path; it works and I get the token from the backend, but after login the other paths are secured and require the Authorization header that I showed above, and it works only in development mode.

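Since the question has no answer yet, here is an added diagnostic helper, not code from the question or its project: a small Python model of the rules a browser applies to a preflight response before it will send a request carrying an Authorization header with credentials. The origin is the one from the question; the three sample responses are constructed, not captured from the deployment.

```python
# Added example (not the question's code): a minimal model of the browser's
# CORS preflight decision, for comparing dev and prod responses offline.
# ORIGIN and the sample responses below are constructed, not captured.
ORIGIN = "http://oncf-app.s3-website.eu-north-1.amazonaws.com"
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


def _tokens(value):
    """Comma-separated header value -> set of lowercased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def preflight_allowed(origin, method, request_headers, credentials, response):
    """Return (ok, reason). With credentials, '*' is a literal token, not a
    wildcard, and Authorization is never covered by a wildcard anyway."""
    hdrs = {k.lower(): v for k, v in response.items()}
    acao = hdrs.get("access-control-allow-origin")
    if acao is None:
        return False, "Access-Control-Allow-Origin missing"
    if acao != origin and (credentials or acao != "*"):
        return False, "Access-Control-Allow-Origin %r != %r" % (acao, origin)
    if credentials and hdrs.get("access-control-allow-credentials", "").lower() != "true":
        return False, "Access-Control-Allow-Credentials missing or not 'true'"
    methods = _tokens(hdrs.get("access-control-allow-methods", ""))
    if (method.lower() not in methods and method.upper() not in SAFELISTED_METHODS
            and not ("*" in methods and not credentials)):
        return False, "method %s not allowed" % method
    allowed = _tokens(hdrs.get("access-control-allow-headers", ""))
    wildcard = "*" in allowed and not credentials
    for name in request_headers:
        lower = name.lower()
        if lower not in allowed and not (wildcard and lower != "authorization"):
            return False, "request header %s not allowed" % name
    return True, "preflight ok"


# Constructed samples: dev returns the CORS headers, prod returns none (as the
# question describes), and the third shows '*' becoming literal with credentials.
DEV_RESPONSE = {
    "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE",
    "Access-Control-Allow-Headers": "authorization, content-type",
}
PROD_RESPONSE = {"Content-Type": "application/json"}
WILDCARD_RESPONSE = {
    "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Headers": "*",
}
```

Feeding it the actual preflight responses captured in the browser's network tab for the dev and prod deployments shows which rule fails first.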

There are 0 answers