Authorization Header Stripped in Latest Firefox Developer Edition

[rhclayto]

Describe the issue

Using the latest Firefox Developer Edition (111.0b8), & Axios 0.2.7, Authorization headers set in an interceptor are not being sent with the request. This does not occur in Chrome or regular stable Firefox. Doing some research, I found that changing these new settings in about:config makes it work again.

network.fetch.redirect.stripAuthHeader = false
network.http.redirect.stripAuthHeader = false

Specifically, setting network.fetch.redirect.stripAuthHeader = false makes it work for me again, the other setting has no effect.

It seems Firefox has implemented a new spec for the Fetch protocol which requires stripping the Authorization header in certain circumstances, & their change was too aggressive & a patch was added, but I'm still getting the problem with the patched version. Here is where I found the new settings & new behavior: https://bugzilla.mozilla.org/show_bug.cgi?id=1817980

Supposedly , the stripping only occurs when the browser receives a redirect to a different origin response back from the server. However, that is not the case in my situation, I get a 200 response back, & the SPA using Axios & the API server Axios is calling are on the same subdomain & https protocol, so there should be no cross-origin issues.

Anybody know how to make Authorization headers set in Axios interceptors work with this new behavior?

Example Code

No response

Expected behavior

No response

Axios Version

0.2.7

Adapter Version

No response

Browser

Firefox Developer

Browser Version

111.0b8

Node.js Version

No response

OS

No response

Additional Library Versions

No response

Additional context/Screenshots

No response

[iamunhoz]

I can confirm this is also happening in normal Firefox 111.0.1

[rhclayto]

I solved this in my case. I had a bug in my code. One of the URLs was http rather than https, & my server is configured to automatically redirect http to https, thus triggering this behavior.