How does req.headers.authorization get set

I was browsing through some authentication code in nodejs and restify written by a fellow programmer when I came across the following lines

if (req.header.authorization) {
 // do soemthing 
} else {
var cookieValues = req.cookies["demo"]

What got me confused is that nowhere in this code did I see any line that is setting the “header.authorization” property of the req object or response object.

  • Laravel 5.1 Session and Socket.IO + Redis - Sending Notifications to Logged In (Known) Users and Group Of Users
  • Node.JS NPM not working on Windows
  • Nodemon is not working in Docker environment
  • How to Kill ffmpeg process in node.js
  • Mongoose (mongodb) batch insert?
  • Mongoose or query
  • what am I missing here ?

  • Failed to find package.json. Node.js may have issues starting. Verify package.json is valid or place code in a file named server.js or app.js
  • Where to place node.js files on server?
  • Nodejs how to detect if module is included
  • Multi-line commands in the sails console
  • getting started with without nodejs?
  • express-session, connect-redis and einaros/ws
  • 2 Solutions collect form web for “How does req.headers.authorization get set”

    Authorization is a request header, commonly use for HTTP Basic Auth. It would be set if the server requested authorization, and the browser then prompted the user for a username/password and sent it (base64-encoded) to the server with a subsequent request. For example:

    Server sends:

    WWW-Authenticate: Basic realm="your server"

    Client sends:

    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

    See also:

    here is a example:

    var express = require('express');
    var morgan = require('morgan');
    var cookieParser = require('cookie-parser');
    var hostname = 'localhost';
    var port = 3000;
    var app = express();
    app.use(cookieParser('12345-67890-09876-54321')); // secret key
    function auth( req, res, next){
        if (!req.signedCookies.user){//如果user不存在
        var authHeader = req.headers.authorization;//获取认证情况的集合
            var err = new Error("you are not authorization");
            err.status = 401;
        console.log('authHeader :'+authHeader);
    //cookie 里名称,密码形式为: user: password
        var auth = new Buffer(authHeader.split(' ')[1], 'base64').toString().split(':');
        var user = auth[0];
        var pass = auth[1];
        if (user == 'admin' && pass =='password') {
            res.cookie('user', 'admin', {signed: true});
            var err = new Error("you are not authorization");
            err.status = 401;
        else {
            if (req.signedCookies.user == 'admin') {
            var err = new Error("you are not authorization");
            err.status = 401;
    app.use(function(err, req, res, next){
        res.writeHead(err.status || 500,
    // print
    app.listen(port, hostname, function(){
        console.log('Server running at :'+hostname+ ': '+port);


    Node.js is the Best Javascript runtime in the world.