Web service is skipping Authorization header?

I have a backend deployed to render as Web Service and CRON Job on render as well.

Cron job runs python script from github repository.
Each time when request was made, I log request headers in console.

When doing it locally, with local instance of backend and executing python script from cmd, everything works well, the ‘Authorization’ header is properly attached.

When I am trying to achieve the same thing with CRON Job deployed on github actions/render, the Authorization header is not present in Render’s Logs of backend. Can you give me a solution, what is not working?

Here is my python code:

   # returns token in json object
            self.TOKEN_REQUEST = requests.post(env.LOGIN_URL, env.CREDENTIALS)

            # outputs token length
            print(len(self.TOKEN_REQUEST.json().get('token')))

            # outputs token locally. Masks it in github actions
            print(self.TOKEN_REQUEST.json().get('token'))

            url = env.SAVE_INVOICE_LOG_URL + '/102022'
            token = self.TOKEN_REQUEST.json().get('token')
            headers = { 'Authorization': 'Bearer ' + token }

            self.INVOICE_EXISTS_REQUEST = requests.get(url, headers=headers)

Here is what I got in the backend logs. For the debugging purposes this route in not guarded by JwtGuard but the token is still attached (atleast it should be). Anyway Authorization header is missing::

Nov 1 01:33:57 PM   host:  {
Nov 1 01:33:57 PM    host: 'blabla',
Nov 1 01:33:57 PM    'user-agent': 'python-requests/2.28.1',
Nov 1 01:33:57 PM    accept: '*/*',
Nov 1 01:33:57 PM    'accept-encoding': 'blabla',
Nov 1 01:33:57 PM    'cdn-loop': 'cloudflare; subreqs=1',
Nov 1 01:33:57 PM    'cf-connecting-ip': 'blabla',
Nov 1 01:33:57 PM    'cf-ew-via': 'blabla',
Nov 1 01:33:57 PM    'cf-ipcountry': 'blabla',
Nov 1 01:33:57 PM    'cf-ray': 'blabla',
Nov 1 01:33:57 PM    'cf-visitor': '{"scheme":"https"}',
Nov 1 01:33:57 PM    'cf-worker': 'blabla',
Nov 1 01:33:57 PM    'true-client-ip': 'blabla',
Nov 1 01:33:57 PM    'x-forwarded-for': 'blabla, blabla',
Nov 1 01:33:57 PM    'x-forwarded-proto': 'https',
Nov 1 01:33:57 PM    'x-request-start': 'blabla'
Nov 1 01:33:57 PM  }

When I try to run the same setup with postman/same script running from console and locally running backend, the Authorization header is properly set:

 host:  {
  authorization: 'Bearer eyJhbGci...',
  'user-agent': 'PostmanRuntime/7.29.2',
  accept: '*/*',
  'postman-token': 'blabla',
  host: 'localhost:3000',
  'accept-encoding': 'gzip, deflate, br',
  connection: 'keep-alive'
}

Looks like Cron job doesn’t allow me to add headers to the request or I am adding them in a wrong way. What is strange, the solution works perfect locally. Any ideas? Is it a problem with backend maybe? Previously I had this app hosted on heroku and everything worked well.

Hi there,
This feels very much like an application issue as opposed to a Render issue but let’s try and break it down.

So you say you have a cron job deployed on Render -

  • are you making the request from this Cronjob to a service also deployed on Render?
  • Are you using the internal address of this service to keep the request within your account
  • or are you using the external address?
  • Have you tried using the Shell tab of the deployed cronjob to manually invoke the command to make sure it’s got all it needs access to?

Regards,

John B

Dear John B,

I found what caused the problem. From my Cronjob I was sending requests to https://my-website.com. Postman was also returning 401 without setting “Follow Authorization header” option to true.

Therefore, when I changed url to https://www.my-website.com everything works like a charm.

Looks like it was a problem related to my domain configuration. It was a very hard to find bug, I will just left this post here for the future in case somebody is struggling with the same problem.

Best wishes,
Mateusz

Thanks for the follow up and for sharing!

John B

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.