How to set null authorization header in Go?

Question

I am writing a test suite for my program that fetches data from Github APIs. I need to set an empty authentication header. It works fine with curl but doesn't work in my Go program.

I tried setting it to "null" as suggested here. I've also tried nil, "" which don't work.

The output (too long to copy here but you can try it yourself) is as expected with curl -H "Authorization: " "https://api.github.com/repos/octocat/Hello-World/issues?state=open&per_page=1&page=1"

But here is the output with the same empty header set in Go:

{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Here is the code (please don't suggest that I just remove the req.Header.Set() line. I need to keep it in for my test suite)

func main() {

        client := &http.Client{}

        //issues API from Github
        req, err := http.NewRequest("GET", "https://api.github.com/repos/octocat/Hello-World/issues?state=open&per_page=1&page=1", nil)
        if err != nil {
                log.Fatal(err)
        }   

        //set authorization header. I have tried nil, and ""
        req.Header.Set("Authorization", "null")

        resp, err := client.Do(req)
        if err != nil {
                log.Fatal(err)
        }   

        defer resp.Body.Close()

        //convert to a usable slice of bytes
        body, err := ioutil.ReadAll(resp.Body)
        if err != nil {
                fmt.Println("couldn't read issues list", err)
        }   

        fmt.Println(string(body))
}

Answer 1

Your curl command does not set an empty Authorization header; that curl command will exclude the Authorization header. You can verify it by adding the -v parameter:

curl -H "Authorization: " -v "https://api.github.com/repos/octocat/Hello-World/issues?state=open&per_page=1&page=1"

That being said, you shouldn't set Authorization header in your Go code either. So just remove that line, and your code becomes working immediately.