follow_redirects dropping Bearer token header #3291
-
It appears that if we have follow_redirects set to True, and the server issues a redirect, bearer tokens aren't added to the redirected request. I'm resorting to code like this:
In the above, if follow_redirects is set to True, I'm getting a 401. Shouldn't headers be copied into redirected requests? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
Perhaps you're seeing a redirect to a different host/scheme? Auth headers are maintained, unless the origin changes. (Perhaps a useful pointer for some more detailed "redirect behaviours" docs?) Refs... Line 455 in 609df7e Line 526 in 609df7e |
Beta Was this translation helpful? Give feedback.
-
So, just investigated it further. The redirect is to a different domain. Notes:
It appears that the auth header set on the client does not carry through to the redirected request if follow_redirects is set to True. However, if I use the same client to explicitly make a call to the new location (as in the code sample), then it works as expected. Is this expected behaviour? (I should specify that for better or worse, the same bearer token works for both the initial and redirected location). |
Beta Was this translation helpful? Give feedback.
Perhaps you're seeing a redirect to a different host/scheme?
Auth headers are maintained, unless the origin changes.
(Perhaps a useful pointer for some more detailed "redirect behaviours" docs?)
Refs...
httpx/httpx/_client.py
Line 455 in 609df7e
httpx/httpx/_client.py
Line 526 in 609df7e