We have a problem with downloading files from the server in background mode. The HTTP header “Authorization” field is lost while redirecting the request to another server.
We made some experiments and noticed that other fields (even the same but with underscore symbol at the end “Authorization_”) work perfectly in redirect. Looks like this field is erased according to some security reasons like if different servers use different authentication data.
It is possible to append “Authorization” field manually in foreground mode using
URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:
method. There’s a problem when we tried to use redirect request in background mode. Because according to the documentation "Tasks in background sessions automatically follow redirects.”.
I cannot find anything about skipping this field in RFC 2616, but suppose that probably there’s some undocumented solution to save “Authorization” field during redirect in background mode.
Let me assume that our front-end server may provide some special field in redirect response that would say that redirected server is trusted and we can use “Authorization” field without any modifications.
That is just an idea and probably we have to use it somehow else. Could you direct us please?