Does overwriteRequestHeaders work for the Authorization header

[jpjpjp]

Hi. This is my first question, so I'd be remiss if I didn't start by saying how awesome Portman is. This is such a wonderful tool. My sincere thanks to the authors and the community!

I've got a variance test which includes the following:

        - name: noAuthHeader
          overwrites:
            - overwriteRequestHeaders:
                - key: Authorization
                  remove: true

But in the generated collection, I still see the default Authorization header with its value in the Postman GUI.

Am I misunderstanding how overwriteRequestHeaders should work?

[thim81]

hi @jpjpjp

Would be able to share your OpenAPI and Portman config, so that we can try to reproduce the behaviour?

[jpjpjp]

With pleasure, @thim81. Attached are simplified versions of both, which I was able to use to reproduce the issue.

yaml-configs.zip

[thim81]

We got a PR in the making that should handle the special "Authorization" header better.

Long story short: within Postman the "Authorization" header is generated based on the Postman authentication option (if they are used).

So we will add the behaviour that handles the removal based on:

• overwriteRequestHeaders
• overwriteRequestSecurity
• overwriteCollectionSecurityValues

In your case:

overwrites:
            - overwriteRequestHeaders:
                - key: Authorization
                  remove: true

Will set the Postman Authentication option to "noauth", which will unset the header.

Before:

After:

We are in the process of adding the necessary test and using your provided config to validate the improvements.

[thim81]

@jpjpjp This is the result of using your provided config with the changes from the PR:

I think that this is the expected result?

I'll do some more validation and than it will be ready to be included in the next release.

[jpjpjp]

Hi @thim81, yes this is the expected result!

I was going to mark this as the answer, but perhaps it would make sense for you to respond when the new version is ready?

[thim81]

Hi @jpjpjp,

We just released Portman v1.27.0, which includes all your README suggestions and improvements for handling the "Authorization" overwrite properly.

Thanks for your clear feedback, which helped us reproduce the behavior and improve the logic in Portman.

We always appreciate feedback and suggestions, so don't hesitate to share them.

[jpjpjp]

Thank you @thim81! Confirmed that when using Portman v1.2.7.0 that:

            - overwriteRequestHeaders:
                - key: Authorization
                  remove: true

Completely removes the Authorization header from the generated postman request.

Thank you!