Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.

X-Authorization is not a header field in the request.

Hi
I have set up a new server using Abyss server - all appears to be working and I have setup the correct rewrites etc - but when I run any url using myurl/api/ I get the following error

X-Authorization is not a header field in the request.

It is probably a setup step I have missed but any guidance gratefully received

Thanks

Comments

  • Anton,

    Where are you seeing this error? Are you running a test from Postman and this is what is returned?

    If this is a new server, then I suspect your Registry configuration is missing this header field in the AdditionalValues string. Please refer to this article in the documentation.

    Note, however, that you do NOT see HTTP_X_AUTHORIZATION listed. You DO see HTTP_AUTHORIZATION. This is because HTTP_X_AUTHORIZATION is not always required. But, in your case it seems to be. So, just edit your Registry key and then edit the AdditionalValues string. Add HTTP_X_AUTHORIZATION to the list.
  • edited March 2018
    Anton,

    Actually, after looking at the code in HTTP_Authorization_Services, I am guessing the error you are seeing is coming from the second line in the code copied below:

    AuthorizationB64 = HTTP_Services('GetRequestHeaderField', 'Authorization') If Len(AuthorizationB64) else AuthorizationB64 = HTTP_Services('GetRequestHeaderField', 'X-Authorization')

    What is happening here is that the service is first testing to see if the HTTP_AUTHORIZATION header field is being passed in. If not, it then checks for HTTP_X_AUTHORIZATION. So, this tells me that HTTP_AUTHORIZATION is also missing (but you are only seeing the last error).

    Therefore, my original theory is probably correct: you don't have the Registry properly updated. However, you actually don't need HTTP_X_AUTHORIZATION. That is only needed for certain web servers like Apache. So, just make sure you enter the header fields that are showed in the documentation link I put in the previous response.
  • Thanks Don
    my registry Additional Values are HTTP_AUTHORIZATION,HTTP_X_AUTHORIZATION,HTTP_DEBUG,HTTP_MEDIA_TYPE,HTTP_ACCEPT_ENCODING,HTTP_ACCEPT_CHARSET,HTTP_ACCEPT_LANGUAGE

    I was running the test in firefox

    I will do some more debugging.

    Thanks
  • Yes I also get the message using POSTMAN
  • edited March 2016
    Anton,

    My opinion is that your Registry entry is not being used properly. Your AdditionalValues string looks good to me, but something is not right. Here's how it works:
    1. OECGI receives the request from the web server.
    2. OECGI uses the entries in the AdditionalValues string to determine which request header fields to include in the request array that is sent to the Engine Server.
    3. The Engine Server passes this array into an OpenEngine using the dispatch listener referenced in the Registery (i.e., HTTP_MCP). The request header values are stored in attribute 30 as an @VM delimited array.
    4. The SRP HTTP Framework stores these values into memory using the SetOECGIRequest service and retrieves them using the GetHTTPAdditionalValues service.

    So, the only reason you would be getting your error message is if OECGI did not get the header field in the original request. However, you must have something configured properly or the OECGI wouldn't be working at all. Therefore I'm not altogether certain what is going on.

    Side note: If you do not have a lot of web services already written, you may want to consider upgrading to v2.0.1. If you want to request an upgrade then just email support@srpcs.com and indicate the application your original framework was installed in (e.g., FRAMEWORKS, OPTO, etc.).
  • edited March 2016
    Anton,

    Do you have 'Authorization' in your Postman request header?
  • edited March 2016
  • Barry,

    That isn't the issue. Simply omitting the request header from Postman (which is what would happen in Firefox as well because you can't set request header field values that way) would simply pass in an empty value for the Authorization field. This would result in a 401 error (Unauthorized).

    Anton's error means that the Authorization request header field itself is not being passed in. That is the responsibility of the Registry string.
  • Kick me - one for the FAQ though - OI license expired yesterday so was causing the error - thanks for comments.
    Cheers
  • Anton,

    I gather the expired license was causing a delay in the OpenEngine from launching. However, I'm not quite sure I understand how that created the specific problem you were describing. I would have expected a timeout message, but not that message. Your message suggests that the engine was launched and processed the HTTP request.
  • Hi Don
    Yes you are correct - I changed the dll back and although it failed about three times it works OK. Strangely that is the only change I am aware that I made. It has occurred sporadically again but not consistently. I am up and running again it seems and will keep you posted if I can repeat the error.
    Thanks for you help.
Sign In or Register to comment.