0

My code try to read the auth_token from headers in rails.

def authenticate_through_header
  custom_header_value = request.headers['HTTP_AUTH_TOKEN']
end

this does not work for a https server but works for http server.

Any ideas?

Juan Kou
  • 155
  • 5
  • 12
  • Are you sure about the header name? It doesn't look a standard authentication header. The various authentication mechanism are generally using the `Authorization` header. – Simone Carletti Jun 19 '15 at 14:17

2 Answers2

0

It turns out that I need to use key HTTP_X_AUTH_TOKEN in order to get the value. And I also need to prepend X- to all my custom headers, otherwise the web server won't be able to recognize the custom headers.

Juan Kou
  • 155
  • 5
  • 12
0

Just run into this issue myself, with the exact same header name.

Found the answer here

If you do not explicitly set underscores_in_headers on;, nginx will silently drop HTTP headers with underscores (which are perfectly valid according to the HTTP standard). This is done in order to prevent ambiguities when mapping headers to CGI variables, as both dashes and underscores are mapped to underscores during that process.

I assume your live server was https using nginx as a reverse proxy while the dev version was just puma or similar.

Qwertie
  • 5,784
  • 12
  • 45
  • 89