Set Header on ReDirect

Moo · December 26, 2019, 3:13pm

Hi,

I set a Header value and go Redirect.

w.Header().Set("Authorization", "Bearer "+token)
w.Header().Set("Location","/dashboard")
w.WriteHeader(301)
w.Write([]byte{})

The responseheader is not set! Why? How I get a Redirect with my old header?

lutzhorn · December 26, 2019, 3:24pm

Any reason you don’t use Redirect? Maybe like this:

w.Header().Set("Authorization", "Bearer "+token)
http.Redirect(w, r, "/dashboard", 301)

Moo · December 26, 2019, 3:25pm

Its the same problem, header is not set!

lutzhorn · December 26, 2019, 3:25pm

Which header is not set? If you mean Authorization, note that this is a request header. It makes no sense to set it on the response.

https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Authorization

Moo · December 26, 2019, 3:36pm

How set a header by redirect???

lutzhorn · December 26, 2019, 3:40pm

Which header to you want to set?

Moo · December 26, 2019, 3:51pm

I would a redirect after login to dashboard with Authorization value ("Authorization", "Bearer "+token)

lutzhorn · December 26, 2019, 3:55pm

You should split this into two requests:

Login: The server returns the token in the response body with status 200 OK. The client keeps the token for further requests.
Open Dashboard: The client requests /dashboard and sets the Authorization header using the token received as the result of the previous request.

Moo · December 26, 2019, 6:38pm

Ok, is a well-know way! But, the client is a normal website, with navigtion including tag links and i can’t set a header by call the next page. Ok, i like JS, but you can only set a header when use ajax, the header set from browser is false. https://developer.mozilla.org/en-US/docs/Web/API/Headers/set

When i use a onepage-site or Vue/React, then is any call a ajax-call.

I always wanted to loop the JWT token from the server site with set and get header.

lutzhorn · December 26, 2019, 6:45pm

Note that this is not a question specific to Go. How HTTP works is the same, no matter which programming language you use as the backed.

~~So maybe this forum is the wrong place to discussion this question.~~

How about setting a cookie including the JWT in the response? The backend should be able to extract the JWT both from a cookie and the Authorization header.

Moo · December 26, 2019, 7:00pm

Yes, this is a GO-Question, as I search a workaround for http- response/request serversite. Cookie is not well, just got away from it!

When you me not can help, it’s ok, no problem, but try not to distract yourself by looking for a reason not to answer this question.

geosoft1 · December 26, 2019, 7:33pm

Redirecting won’t pass headers to destination if this is what you ask yourself. You must use other methods to forward headers like sessions.

jabbson · December 26, 2019, 7:56pm

I am still trying to wrap my head around why is request Authorization header is needed in the server response?

luhonghai · December 27, 2019, 12:44am

If you want to keep the old data (headers, method, body …), use http code 308 instead. Client will re-send all data to new location. (Some client like OkHttp will not accept 308 method)

Moo · December 27, 2019, 6:19am

THX… That was the answer I was looking for! And welcome into the community!

system · March 26, 2020, 6:19am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.