Http request node sends bearer when auth is off

I have several http request nodes, without the authentication checked, and I'm setting msg.headers with a JWT token in the previous node, and the node instead sends a header of BASIC xxxxxxxxxx. I can't seem to figure out why, or why some http request nodes do this and others don't. The flows.json looks the same regardless.

Using Node Red 0.20.7 (I know about 1.0.3 but I tried that one and saw no difference in behaviour).

Anyone had this problem and solved it?

Apologies if this was answered in the forum, I searched but didn't find anything helpful.

Thanks in advance.

@RobP there was a bug in 0.20 with the logic of the HTTP Request node's handling of auth - if you had ever added user/password credentials into the node, then it would use those regardless of whether you had since unticked the auth box in the node.

The quick fix is to replace your HTTP Request nodes with new instances - You can select the node, ctrl-c/ctrl-v to copy and paste it. Then delete the original. That will ensure there are no stale credentials for the new copies.

Interesting. If I check the flows.json file, I see no credentials. Where are the credentials coming from?

Also, can I simply replace in 0.20?

(Thanks for the immediate response to my post)

Credentials are stored in the credentials file - it has the same name as your flow file, but with _creds in the middle. By default the file is encrypted, so you won't be able to inspect it.

Yes, you should be able to do the copy/paste trick in 0.20.

Right, I knew about the _cred file, just not sure why node red is trying to populate that node with creds. In any case, rebuilding now to test the replacement.

OK something just clicked, there may be something in _creds file linked to that node instance ID, and by replacing it, with a new instance ID, that will be broken. If that's what's going on, at least I understand it :)
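
As an added example (not code from this thread or from the Node-RED project): a small Node.js check that lists HTTP Request nodes which still have user/password entries in the credentials store, plus entries whose node id no longer exists in the flow. It assumes the flow array and the already-decrypted credentials map (node id to credential fields) are loaded as objects; the function name and sample data are constructed for illustration.

```javascript
// Added example: find HTTP Request nodes that still carry stored credentials.
// Assumption: `flows` is the parsed flow array and `creds` is the decrypted
// credentials map keyed by node id, e.g. { "<node id>": { user, password } }.

function auditHttpRequestCreds(flows, creds) {
  const nodesById = new Map(flows.map((n) => [n.id, n]));
  const withStoredAuth = []; // http request nodes with a non-empty user/password
  const orphaned = [];       // credential entries whose node is gone from the flow

  for (const [id, c] of Object.entries(creds)) {
    const node = nodesById.get(id);
    if (!node) {
      orphaned.push(id);
      continue;
    }
    if (node.type !== "http request") continue;
    // Report only which fields are set, never the secret values themselves.
    const fields = ["user", "password"].filter(
      (k) => typeof c[k] === "string" && c[k] !== ""
    );
    if (fields.length > 0) {
      withStoredAuth.push({ id, name: node.name || "", url: node.url || "", fields });
    }
  }
  return { withStoredAuth, orphaned };
}

// Constructed sample data (ids, names and URLs are made up).
const sampleFlows = [
  { id: "a1b2c3d4.000001", type: "tab", label: "API calls" },
  { id: "a1b2c3d4.000002", type: "http request", name: "get orders", url: "https://api.example.test/orders" },
  { id: "a1b2c3d4.000003", type: "http request", name: "get users", url: "https://api.example.test/users" },
  { id: "a1b2c3d4.000004", type: "mqtt-broker", name: "broker" },
];
const sampleCreds = {
  "a1b2c3d4.000002": { user: "svc-account", password: "constructed-value" },
  "a1b2c3d4.000004": { user: "mqtt", password: "constructed-value" },
  "deadbeef.000009": { user: "old", password: "constructed-value" },
};

console.log(JSON.stringify(auditHttpRequestCreds(sampleFlows, sampleCreds), null, 2));
```

Any node listed under `withStoredAuth` that is meant to send only a token from msg.headers is a candidate for the copy/paste replacement described above.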
