[Bug]: Calling SetAuthorizationHeader twice on the same RestClient instance causes an Authorization header collision (Invalid HTTP Header)

[Krajzys]

Describe the issue

In the "Rest Client" codeunit (codeunit 2350) calling SetAuthorizationHeader twice on the same instance, causes a header collision. This is due to the SetDefaultRequestHeader procedure implementation in codeunit 2351 "Rest Client Impl." that checks for existing header with method Contains, rather than ContainsSecret if the value of the header is a SecretText.
The error that is displayed as a result is: Invalid HTTP header. Please, make sure the format of the header is correct.

Expected behavior

Calling the procedure twice should remove the previous value of the header and replace it with a new one.

Steps to reproduce

1. Create an action on Page
2. In the trigger of the action add variable: RestClient: Codeunit "Rest Client"
3. Call procedures in this order: RestClient.Initalize, RestClient.SetAuthorizationHeader(...), RestClient.SetAuthorizationHeader(...)
4. Run the action from Page
5. It will throw an error: Invalid HTTP header. Please, make sure the format of the header is correct. on the second call

Sample code for reproduction:

trigger OnAction()
var
    RestClient: Codeunit "Rest Client";
begin
    RestClient.Initialize();
    RestClient.SetAuthorizationHeader(SecretStrSubstNo('Bearer test'));
    RestClient.SetAuthorizationHeader(SecretStrSubstNo('Bearer test'));
end;

Additional context

I will provide a fix for a bug

• I will provide a fix for a bug

[JesperSchulz]

🤖 AI triage completed. Product group, please validate the triage report (Microsoft internal access only, use Ctrl+Click to open in new tab).

---

_{Was this triage helpful? React with 👍 or 👎 on this comment to provide feedback.}