How can I set a custom request header by use tauri-plugin-http?

[floki2020]

I'm using the tauri-plugin-http plugin to access a third-party OpenAPI endpoint. The API requires an x-yunxiao-token request header for authentication. I have already configured the plugin in my Cargo.toml with the unsafe-headers feature enabled, but the custom header still does not work. The server keeps returning a 401 Unauthorized error.

---

Cargo.toml

name = "app_lib"
crate-type = ["staticlib", "cdylib", "rlib"]

[build-dependencies]
tauri-build = { version = "2", features = [] }

[dependencies]
tauri = { version = "2", features = [] }
tauri-plugin-opener = "2"
tauri-plugin-store = "2.0.0"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
rusqlite = { version = "0.29.0", features = ["bundled"] }
dirs = "5.0"
thiserror = "1"
tauri-plugin-http = { version = "2", features = ["unsafe-headers"] }

Capability JSON

{
  "$schema": "../gen/schemas/desktop-schema.json",
  "identifier": "default",
  "description": "Capability for the main window",
  "windows": [
    "main"
  ],
  "permissions": [
    "core:default",
    "opener:default",
    "store:default",
    {
      "identifier": "http:default",
      "allow": [{ "url": "https://**" }]
    }
  ]
}

Rust Command (Full Debug Code)

use tauri::command;
use tauri_plugin_http::reqwest;

#[command]
pub async fn get_user_info(token: String) -> Result<String, String> {
    // 1. Print the received token
    println!("========== Starting Request ==========");
    println!("1. Received token: '{}'", token);
    println!("1. Token length: {}", token.len());
    println!("1. Is token empty: {}", token.is_empty());

    // 2. Clean up token (remove leading/trailing whitespace)
    let clean_token = token.trim();
    if clean_token.is_empty() {
        return Err("Token is empty".to_string());
    }
    println!("2. Cleaned token: '{}'", clean_token);

    // 3. Create HTTP client
    let client = reqwest::Client::builder()
        .user_agent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36")
        .build()
        .map_err(|e| format!("Failed to create client: {}", e))?;
    println!("3. Client created successfully");

    // 4. Build request
    let request_builder = client
        .get("https://openapi-rdc.aliyuncs.com/oapi/v1/platform/user")
        .header("x-yunxiao-token", clean_token)
        .header("Accept", "application/json");

    // 5. Debug: Print all request headers
    match request_builder.try_clone() {
        Some(clone) => {
            match clone.build() {
                Ok(req) => {
                    println!("4. Request URL: {}", req.url());
                    println!("4. Request Method: {}", req.method());
                    println!("4. Request Headers:");
                    for (name, value) in req.headers() {
                        println!("   {}: {:?}", name, value);
                    }
                }
                Err(e) => {
                    println!("4. Failed to build request: {}", e);
                }
            }
        }
        None => {
            println!("4. Failed to clone request builder");
        }
    }

    // 6. Send request
    println!("5. Sending request...");
    let response = request_builder
        .send()
        .await
        .map_err(|e| {
            println!("!!! Request failed: {}", e);
            format!("Request failed: {}", e)
        })?;

    // 7. Print response info
    println!("6. Response Status Code: {}", response.status());
    println!("6. Response Headers:");
    for (name, value) in response.headers() {
        println!("   {}: {:?}", name, value);
    }

    // 8. Get response body
    let text = response.text().await.map_err(|e| format!("Failed to read response: {}", e))?;
    println!("7. Response Content: {}", text);
    println!("========== Request Finished ==========");

    Ok(text)
}

[FabianLars]

Your code works for me without any changes (with a different website url of course). I can see the headers on the server side in my test.

btw, the unsafe-headers feature is only relevant for the plugin's JS api.

Since you're using the plugin's reqwest re-export, you may get better help in their community, but i think this is a server side thing or an invalid token because again, your exact code works for me.