Missing Authorization header in Angular 7 HTTP response

Accessing an API back-end from Angular client may result in missing response headers. A common scenario is a missing Authorization header, containing the JSON Web Token (JWT) which is returned from the back-end service when the user logs in successfully. The solution to the problem is to expose the desired header in the back-end code (notice that the Authorization header is not exposed by default). In the case of a Spring Boot back-end, we need to add the following line of code:

					response.addHeader("Access-Control-Expose-Headers", "Authorization");
The same rule applies to all custom headers that need to be exposed in the response to the client. Each of them needs to be explicitly exposed in the back-end code.
The full back-end code for the successful authentication method is available below:
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
                                        FilterChain chain, Authentication authResult) throws IOException, ServletException {
    String token = JWT.create()
            .withSubject(((User) authResult.getPrincipal()).getUsername())
            .withExpiresAt(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
    response.addHeader("Access-Control-Expose-Headers", "Authorization");
    response.addHeader(HEADER_STRING, TOKEN_PREFIX + token);
Share :
Share :

Weitere Beiträge


LiveData is an observable data holder class. It is also lifecycle-aware, which means that it respects the lifecycle of the other app components, such as activities, fragments and services. It notifies only active observers, represented by the Observer class.

Weiterlesen »
Dependency Injection

Each Object-oriented application consists of many classes that work together in order to solve a problem. However, when writing a complex application, application classes should be as independent as possible.

Weiterlesen »