the redirection to phoenix from nginx loses the authorization header

This is a feature in curl. If a request gets redirected to a different hostname, then any Authorization header is going to be removed in the second request in order not to leak credentials to an unrelated server. (You’re making a request to localhost:80, but the redirect location is 0.0.0.0:4000, so that counts as a different hostname.)

You can get curl to forward the Authorization header by using the --location-trusted option instead of -L.

(Though it’s odd that you’re seeing this with curl 7.54.0 – according to this security advisory, curl 7.54.0 should behave as you expect it to, and only 7.58.0 and higher have this protection feature.)

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top