Missing Authorization header in Angular 7 HTTP response

Accessing an API back-end from Angular client may result in missing response headers. A common scenario is a missing Authorization header, containing the JSON Web Token (JWT) which is returned from the back-end service when the user logs in successfully. The solution to the problem is to expose the desired header in the back-end code (notice that the Authorization header is not exposed by default). In the case of a Spring Boot back-end, we need to add the following line of code:

					response.addHeader("Access-Control-Expose-Headers", "Authorization");
The same rule applies to all custom headers that need to be exposed in the response to the client. Each of them needs to be explicitly exposed in the back-end code.
The full back-end code for the successful authentication method is available below:
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
                                        FilterChain chain, Authentication authResult) throws IOException, ServletException {
    String token = JWT.create()
            .withSubject(((User) authResult.getPrincipal()).getUsername())
            .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
    response.addHeader("Access-Control-Expose-Headers", "Authorization");
    response.addHeader(HEADER_STRING, TOKEN_PREFIX + token);
Share :
Share :

Weitere Beiträge

View in the MVVM architecture

The View component in the MVVM architecture are the UI controllers – Activities and Fragments. They should be as free as possible from any business logic. Their role is to present the data, not to transform it.

Weiterlesen »
Repository in Android’s MVVM architecture

Repository is a class which purpose is to provide a clean API for accessing data. What that means is that the Repository can gather data from different data sources(different REST APIs, cache, local database storage) and it provides this data to the rest of the app.

Weiterlesen »