How to prevent/override authorization header in Safari?
I had this problem and probably it's a bug in Safari.
The request from Safari:
The same request in Wireshark:
Solution: don't use basic auth or change the authorization header name (e.g. use X-My-Api-Auth).
I have had a similar situation: it worked fine in Chrome/Firefox, but Edge and mobile browsers had issues. The only problem I had was that I could not change the header that is used for JWT authentication (Authorization).
So instead, I used a custom header for the JWT token in my client app:
$.ajaxSetup({ headers: {'X-JWT': accessToken}});
And in my webserver config (Nginx), I overwrite the Authorization header with my custom JWT header X-JWT:
underscores_in_headers on;

location /api/ {
    auth_basic off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://127.0.0.1:8002/;
    # Replace whatever the browser sent in Authorization with the value of the X-JWT request header
    proxy_set_header Authorization $http_x_jwt;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_redirect off;
}
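
Added example, not part of the answers above: a small JavaScript model of the header rewrite that `proxy_set_header Authorization $http_x_jwt;` performs, showing what reaches the backend when the browser sends its own Authorization value, when X-JWT is missing, and when it is malformed. The function name `buildUpstreamHeaders`, the token-shape check and the sample request are assumptions made for illustration; the Nginx config itself forwards the X-JWT value without inspecting it.

```javascript
// Compact JWT form: three non-empty base64url segments separated by dots.
// This shape check is an extra step added for the example, not something Nginx does.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Hypothetical helper: returns the headers the backend would receive.
function buildUpstreamHeaders(incoming) {
  // Header names are case-insensitive, so normalise before looking anything up.
  const lower = {};
  for (const [name, value] of Object.entries(incoming)) {
    lower[name.toLowerCase()] = value;
  }

  // Discard the browser-supplied Authorization (e.g. Basic credentials the
  // browser attached on its own); it must never reach the backend.
  const { authorization: browserAuth, ...upstream } = lower;

  // Copy X-JWT into Authorization only when it looks like a token. With a
  // missing value no Authorization header is sent at all, which matches
  // Nginx: proxy_set_header with an empty value does not pass the field.
  const token = lower['x-jwt'];
  if (typeof token === 'string' && JWT_SHAPE.test(token)) {
    upstream.authorization = token;
  }

  return { upstream, droppedAuthorization: browserAuth !== undefined };
}

// Constructed sample request: the browser added Basic credentials, the client
// app added the custom header. Both values are made up for this example.
const SAMPLE_REQUEST = {
  Host: 'api.example.test',
  Authorization: 'Basic dXNlcjpwYXNz',
  'X-JWT': 'aGVhZGVy.cGF5bG9hZA.c2ln',
};

console.log(buildUpstreamHeaders(SAMPLE_REQUEST));
```

If the API is called cross-origin, the custom header also has to be listed in the server's `Access-Control-Allow-Headers` response, otherwise the browser's preflight check blocks the request.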