Custom Request Headers not sent for NON-GET requests

[gregorycfrank]

My app uses Oauth2. As a poor-man's workaround for testing I made the endpoint /api/browser/** available to all. In the HAL Browser I've set the Custom Request Header to Authorization:bearer {token}. Browsing the network calls in Chrome shows that the Authorization header is sent for GET requests, but not for NON-GET requests. This makes authorization for my endpoints fail for any NON-GET requests.

[DarianAnjuhal]

I have the same issue. Do you have a solution already?

[RyamBaCo]

Also experiencing the same issue. I could partially fix it by also setting the request headers in client.js at the function HAL.Http.Client.prototype.request but I wasn't able to fix all the issues since modifications in CustomPostForm.js also need to be made (to also add the headers in the upcoming get request), which appears to be part of Spring Boot.

Our fix is currently calling a custom code snippet which is overriding the Authentication header for all requests with the value from the textarea. Of course not feasible for all use cases but good enough for us right now:

$.ajaxSetup({ beforeSend: function (xhr) { xhr.setRequestHeader("Authorization",$('.request-headers textarea').val()); } });

[gregorycfrank]

Not sure if it relates directly to this project, but I fixed it in Spring Data REST as shown here: https://jira.spring.io/browse/DATAREST-1077