Missing Authorization header in Angular 7 HTTP response

Accessing an API back-end from Angular client may result in missing response headers. A common scenario is a missing Authorization header, containing the JSON Web Token (JWT) which is returned from the back-end service when the user logs in successfully. The solution to the problem is to expose the desired header in the back-end code (notice that the Authorization header is not exposed by default). In the case of a Spring Boot back-end, we need to add the following line of code:

				
					response.addHeader("Access-Control-Expose-Headers", "Authorization");

The same rule applies to all custom headers that need to be exposed in the response to the client. Each of them needs to be explicitly exposed in the back-end code.

The full back-end code for the successful authentication method is available below:

				
					@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
                                        FilterChain chain, Authentication authResult) throws IOException, ServletException {
    String token = JWT.create()
            .withSubject(((User) authResult.getPrincipal()).getUsername())
            .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
            .sign(HMAC512(SECRET.getBytes()));
    response.addHeader("Access-Control-Expose-Headers", "Authorization");
    response.addHeader(HEADER_STRING, TOKEN_PREFIX + token);
}

Letzte Beiträge

6 Fragen an unseren Geschäftsführer Dimitar

6 Fragen an unseren Senior Consultant Dominique

Machine learning concepts. Network training and evaluation

Machine learning concepts. Data preparation

Handling Events with Lambda Expressions

Implementing REST service architecture