Custom HTTP Headers Disappear Over HTTPS In Both Rails 3 and Android Mobile App

Quick background. I have a Rails 3 Web Service, Rails 3 web client, and Android mobile app. The clients send an authentication token in an http header to the web service.

Before HTTPS was turned on, everything worked fine. HTTPS gets turned on, and it stops working. My custom header doesn't make it any more. When I first encountered this I was working with the Android app, and assumed it was an Android specific thing. I finally gave up and just had to hack it by sending the auth token in POST/GET params. Now that I'm back to the rails web client however, I have the same issue. The header just doesn't make it across.

In the case of the rails web client, it is even on the same server.

I can find absolutely no information on this. Can anyone h开发者_Go百科elp?

Not sure if that's related, but over SSL connection the library usually requires trusted source and valid certificate. Does the logs say anything about certificate?

Old question, but let me put this here.

I noticed this problem as well in HTTPS, but HTTP_AUTHORIZATION headers do make it. So you can use that instead of custom headers.

I would also like to know why this happens.