bug: Authorization Header stripped out from requests in Android Production build #1286
Description
Provide environment information
System:
OS: macOS 15.1
CPU: (14) arm64 Apple M4 Max
Memory: 87.83 MB / 36.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 20.18.1 - /usr/local/bin/node
npm: 10.8.2 - /usr/local/bin/npm
pnpm: 9.15.3 - /usr/local/bin/pnpm
Describe the bug
I was struggling to get authorization working on android production builds (it was working on development builds) and eventually noticed that the Authorization which is added to all trpc requests (in /apps/expo/src/utils/api.tsx) was being stripped out somehow and not part of the headers that the server received.
After a lot of debugging, I finally fixed it by changing the header from "Authorization" to "X-Authorization", in the expo trpc provider, as well as the packages/api/src/trpc.ts file. Now, it does not get stripped out, and I can correctly get and validate the authToken from the request.
Link to reproduction
fresh clone of this repo
To reproduce
Clone repo, setup DB & OAuth provider.
Build production Android .aap and release through Google Play Console.
Notice that after logging in, the app does not treat the user as logged in.
Additional information
feel free to close this issue, since I've resolved my problem, but I wanted to create the issue in case anyone else has issues with Authorization in the expo app's production builds. I'm not sure if "Authorization" should be changed to "X-Authorization" in this repo, but it's what worked for me.