Description
In #288 we switched to passing the auth token in a GET param instead of an Authorization header due to an intermittent issue passing the Authorization header in Microsoft browsers.
Essentially, if we call a URL like
https://developers.democracyclub.org.uk/api/v1/postcode/sw1a%201aa?utm_source=https:%2F%2Fwidget.wheredoivote.co.uk%2Fdemo.html&utm_medium=widget
it issues a 301 Redirect to
https://developers.democracyclub.org.uk/api/v1/postcode/sw1a%201aa/?utm_medium=widget&utm_source=https%3A%2F%2Fwidget.wheredoivote.co.uk%2Fdemo.html
Sometimes when it follows the redirect, IE/Edge isn't appending the Authorization header on the second request (when it follows the redirect), and that's causing us to get a 401 Unauthorized on the API response.
...but then sometimes it does append the header and it does work: it's inconsistent.
This does consistently append the header in Firefox/Chromium. Moving the token to client.defaults.headers.get['Authorization'] in axios doesn't do the job.
For now, passing the token in the query string gives a workaround, but it would be useful to get to the bottom of this, particularly if we want to switch the API authentication to AWS API gateway in future (which requires us to use a header for auth).
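
The following is an added example, not part of the original issue or the widget's code. It rewrites the request URL into the redirect target quoted above so the first request needs no redirect, keeps the token in a header, and makes any remaining redirect fail visibly. The function names, the `Token PLACEHOLDER` value, and the assumption that the missing trailing slash triggers the 301 are illustrative.

```javascript
// Added example; canonicalApiUrl and buildAuthedRequest are hypothetical names.
// Assumption: the 301 is triggered by the missing trailing slash on the path.

// Rewrite a request URL into the form the API redirects to, so the first
// request already targets the final URL and no redirect has to be followed.
function canonicalApiUrl(rawUrl) {
  const url = new URL(rawUrl);
  if (!url.pathname.endsWith('/')) {
    url.pathname += '/';
  }
  // Sort and re-encode the query the way the redirect target in the issue
  // shows it (keys in alphabetical order, ':' and '/' percent-encoded).
  const pairs = [...url.searchParams.entries()]
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
  url.search = new URLSearchParams(pairs).toString();
  return url.toString();
}

// Build fetch() arguments that keep the token in a header and reject on a
// redirect, instead of silently re-requesting without the Authorization header.
function buildAuthedRequest(rawUrl, authorizationValue) {
  return {
    url: canonicalApiUrl(rawUrl),
    init: {
      method: 'GET',
      headers: { Authorization: authorizationValue },
      redirect: 'error', // a 3xx response rejects the promise
    },
  };
}

// Sample input: the first URL quoted in the issue. The header value is a
// constructed placeholder; the real scheme and token are not given on the page.
const sampleUrl =
  'https://developers.democracyclub.org.uk/api/v1/postcode/sw1a%201aa' +
  '?utm_source=https:%2F%2Fwidget.wheredoivote.co.uk%2Fdemo.html&utm_medium=widget';
const sampleRequest = buildAuthedRequest(sampleUrl, 'Token PLACEHOLDER');
console.log(sampleRequest.url);
// Usage in a browser: fetch(sampleRequest.url, sampleRequest.init)
```

With `redirect: 'error'`, a URL that still triggers a 301 surfaces as a rejected request in every browser rather than as an intermittent 401.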