req.headers.authorization is undefined when I make a POST request to my API route in production (works in local dev server)

Question

When I serve my application locally, I can access req.headers.authorization to read my Bearer Token. The same code is used in my deployed application, but when I make the same POST request to my live API route, req.headers is undefined in my NextJS API route. Why is this the case? Am I missing something about req.headers in NextJS that is unique to a deployed application?

Happy to provide more information as necessary! Thank you!

export default async function handler(req, res) {
  console.log('req ' + req);
  console.log('req.headers ' + req.headers);
  console.log('req.headers.authorization: ' + req.headers.authorization);

// ...etc.

When I run the dev server, I can read the Bearer Token successfully, and I can read it in the logs shown above, but in production the requests' req.headers.authorization is undefined.

I've tried accessing the Bearer Token in my request headers, but I can only do so in a development server environment. This fails when I make the very same request to my live, hosted application.

Answer 1

I was using http with vercel base URL. I changed it to HTTPS and it worked.

Answer 2

I was able to hit the endpoint and use my Bearer token by making a curl request and adding 'www' to the URL:

curl --request POST \
      --url 'https://www.example.com/api/my_route' \
      --header 'Authorization: Bearer ${{ secrets.EMAIL_ROUTE_SECRET }}'

I'm not sure what fixed it -- might be an issue with thunder client.