NSURLConnection Authorization Header not Working

Change this line:

NSURL *aUrl = [NSURL URLWithString: @"http://generericfakeapi.com/user/profile"];

To:

NSURL *aUrl = [NSURL URLWithString: @"http://generericfakeapi.com/user/profile/"];

Apparently iOS drops the Authorization header if there isn't a slash at the end of a URL. This problem literally cost me my sleep for two days.

For me it look fine. Are you sure you gave a valid token? Try catch the error like this

if (error) {    NSLog(@"error : %@", error.description);}

My code work well :

NSURL *jsonURL = [NSURL URLWithString:[NSString stringWithFormat:@"http://....ID=%i", cellID]];NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:jsonURL cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:120.0];[request setValue:@"Basic ...." forHTTPHeaderField:@"Authorization"];NSURLResponse *response;NSError * error  = nil;NSData *POSTReply = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&error];

hope it helps

@isair's answer is truly a lifesaver.

Just to add on the root cause if you're interested:

NSURLRequest defines a set of reserved HTTP headers. And surprisingly, Authrorization is part of it.

The URL Loading System handles various aspects of the HTTP protocol for you (HTTP 1.1 persistent connections, proxies, authentication, and so on). As part of this support, the URL Loading System takes responsibility for certain HTTP headers:

• Content-Length

• Authorization

• Connection

• Host

• Proxy-Authenticate

• Proxy-Authorization

• WWW-Authenticate

If you set a value for one of these reserved headers, the system may ignore the value you set, or overwrite it with its own value, or simply not send it. Moreover, the exact behavior may change over time. To avoid confusing problems like this, do not set these headers directly.

In @isair's case, it's highly likely that URLs without a trailing slash had triggered such "filtering" behaviour. This maybe an inconsistency in the implementation but we don't have access to the source code to verify that.

In my case, I was writing a React webapp that uses Authorization header to authenticate with the backend Django server. The app behaved perfectly on desktop Chrome but always failed to access login-required APIs on the iPhone (both Safari and Chrome), due to the missing Authorization header.

The ideal solution is to avoid using Authorization at all. But if you're communicating with a backend framework that specifically requires it (e.g. Django Rest Framework's token authentication). @isair's answer can be a good workaround.