Ocelot icon indicating copy to clipboard operation
Ocelot copied to clipboard

Published 20 hours ago verified publisher icon ThreeMammals

Handle HTTP 307 Temporary Redirect with Authorization header

Open luber opened this issue 5 years ago • 2 comments

Not sure if that is related to Ocelot or app.UseHttpsRedirection() middleware.

Expected Behavior / New Feature

When downstream service responses with 307 http status code, ocelot should not lose http headers when following the redirection.

Actual Behavior / Motivation for New Feature

Authorization header is lost when Ocelot follows temporary redirection to downstream service.

Steps to Reproduce the Problem

  1. configure reroute to downstream service that requires authentication using http scheme
  2. configure downstream service to use https redirection (by using app.UseHttpsRedirection() middleware)
  3. issue a call via postman to ocelot the upstream url with Authorization header. Ocelot will reach downstream service with Authorization header using http scheme, but then its middleware will do temporary redirection to switch to https but this time Authorization header will be missing.

Specifications

  • Version: 13.5.0
  • Platform: .net core 2.2

luber avatar Apr 24 '19 20:04 luber

I'm having barely the same issue when the request came from ie11. But I'm using the last ocelot version. Have you found any solution already ?

luccasmf avatar Jul 02 '20 19:07 luccasmf

@luber Hi Liubomyr! Do you stay with Ocelot?

ocelot should not lose http headers when following the redirection.

Well... Could you upgrade to the latest v22 and report the bug once again, please? We need your confirmation for latest version. Thanks!

raman-m avatar Jan 20 '24 11:01 raman-m

Outdated issue :exclamation:

You have the right to reopen this issue in the future if you come with a PR ready

raman-m avatar Jun 15 '24 12:06 raman-m