Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Invoke-RestMethod does not strip Authorization Headers #2227

Copy link
Copy link
Closed
Closed
Invoke-RestMethod does not strip Authorization Headers#2227
Copy link
Assignees
dantraMSFT
Labels
Committee-ReviewedPS-Committee has reviewed this and made a decisionPS-Committee has reviewed this and made a decisionResolution-FixedThe issue is fixed.The issue is fixed.Size-WeekWG-Cmdletsgeneral cmdlet issuesgeneral cmdlet issues
Milestone
6.0.0-GA
@dave-tucker

Description

@dave-tucker
dave-tucker
opened on Sep 10, 2016
Issue body actions

Steps to reproduce

Attempt to download something using Invoke-RestMethod that requires an Authorization header AND generates a 302 redirect to the final location of that resource.

One such example is downloading a build artifact from an AppVeyor project.
E.g from the example here

Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifacts/$artifactFileName" `
-OutFile $localArtifactPath -Headers @{ "Authorization" = "Bearer $token" }

Expected behavior

The request should succeed like it does on Windows

Actual behavior

The request fails with the following error

Invoke-RestMethod : Response status code does not indicate success: 400 (Authentication information is not given in the correct
format. Check the value of Authorization header.).
At /Users/dave/Desktop/appveyor.ps1:31 char:1
+ Invoke-RestMethod -Method Get -Uri "$apiUrl/buildjobs/$jobId/artifact ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Method: GET, Re...rShell/6.0.0
}:HttpRequestMessage) [Invoke-RestMethod], HttpRequestException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Having debugged this with AppVeyor support it seems they send a 302 redirect to a location in Azure. On Windows, I've verified with Fiddler that the Authorization header is stripped which allows this command to succeed. On Mac it would appear the Authorization header is not stripped, causing Azure to generate the error.

Environment data

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      6.0.0-alpha
PSEdition                      Core
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   3.0.0.0
GitCommitId                    v6.0.0-alpha.9
CLRVersion
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
Reactions are currently unavailable

Metadata

Metadata

Assignees

Labels

Committee-ReviewedPS-Committee has reviewed this and made a decisionPS-Committee has reviewed this and made a decisionResolution-FixedThe issue is fixed.The issue is fixed.Size-WeekWG-Cmdletsgeneral cmdlet issuesgeneral cmdlet issues

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    Morty Proxy This is a proxified and sanitized view of the page, visit original site.