HTTP 307 Redirect: Authentication information is not forwarded
Expected Behavior
We call a REST URL via HTTP GET with the Authorization: Bearer header. As a response we get an HTTP 307 redirect to a different page. We would expect that all headers including the Authorization: Bearer header are forwarded to the new URL and that the correct response from the new URL is returned.
Actual Behavior
The actual behavior is that the redirect to the new URL is performed and all headers except the Authorization: Bearer header are forwarded. However, as the new page is requiring authentication in the same way as the original URL, the call fails with an HTTP 401 error.
Reproduction Steps
The API is not public - therefore I cannot describe how somebody else could reproduce the issue.
Is there an existing issue for this?
- [X] I have searched the issue tracker for this problem.
Additional Information
No response
Insomnia Version
2023.4.0
What operating system are you using?
macOS
Operating System Version
Ventura 13.4.1
Installation method
Downloaded from the Insomnia page
Last Known Working Insomnia version
No response
Is this on the roadmap? We are also facing this issue.
This is standard; it's a default behaviour for browsers and even cURL itself (cURL did behave differently once upon a time; however, that was fixed). The reason is a failsafe for security - to prevent sensitive credentials being sent to unexpected/untrusted places if a server returns an unexpected redirect.
Not a bug but sounds like a good idea for a feature request I think. Perhaps an optional setting that can be toggled on or something.
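The redirect behaviour discussed in this thread, together with the opt-in setting suggested above, can be sketched as a header policy. This is an added example, not code from Insomnia or cURL; `headersForRedirect`, the `trustedOrigins` option and the sample hosts and token are hypothetical and constructed for illustration.

```javascript
// Headers that carry credentials and should not follow a redirect to another origin.
const SENSITIVE = ['authorization', 'cookie', 'proxy-authorization'];

// Decide which headers accompany the follow-up request after a 3xx response.
// trustedOrigins (hypothetical option): origins the user explicitly allows
// to receive credentials on a cross-origin redirect.
function headersForRedirect(requestUrl, location, headers, trustedOrigins = []) {
  const from = new URL(requestUrl);
  const to = new URL(location, from); // also resolves relative Location values
  // URL.origin covers scheme, host and port, and normalizes default ports.
  const sameOrigin = from.origin === to.origin;
  // Never send credentials from https to cleartext http, even if allowlisted.
  const downgrade = from.protocol === 'https:' && to.protocol === 'http:';
  const trusted = !downgrade &&
    trustedOrigins.some((o) => new URL(o).origin === to.origin);
  const credentialsAllowed = sameOrigin || trusted;

  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!credentialsAllowed && SENSITIVE.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return { url: to.href, headers: out, credentialsAllowed };
}

// Constructed sample request and redirect targets.
const sampleUrl = 'https://api.example.test/v1/items';
const sampleHeaders = {
  Authorization: 'Bearer CONSTRUCTED-TOKEN',
  Accept: 'application/json',
};
const sampleTargets = [
  '/v2/items',                           // same origin, relative Location
  'https://api.example.test:443/v2',     // same origin, explicit default port
  'https://storage.example.net/items',   // different host
  'http://api.example.test/v2/items',    // scheme downgrade
];
for (const target of sampleTargets) {
  const r = headersForRedirect(sampleUrl, target, sampleHeaders);
  console.log(r.url, '-> Authorization sent:', 'Authorization' in r.headers);
}
```

With `trustedOrigins` left empty the function reproduces the default described above: the 307 is followed, but the bearer token only travels when the redirect stays on the same origin.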