google chrome - Remove Default Authorization Header. ( Spring Webflux Security)

Question

I am using spring security with the below configurations.

@Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        http
            .securityContextRepository(securityContextRepository)
            .authorizeExchange()
            .anyExchange().authenticated()
        .and()
            .formLogin().disable()
            .httpBasic().disable()
            .csrf().disable()
            .logout().disable();
        return http.build();
    }

And my ShipxpressReactiveSecurityContextRepository load method looks like below.

@Override
    public Mono<SecurityContext> load(ServerWebExchange serverWebExchange) {
        String authorization = CollectionToolkit.getFirstElement(
            serverWebExchange.getRequest().getHeaders().get(ShipxSecurityConstant.Header.AUTHORIZATION_HEADER));
        if (StringToolkit.isNotEmpty(authorization)) {
            return authenticate(authorization, serverWebExchange);
        } else {
            return Mono.empty();
        }
    }

My use case is properly working. but my issue is here when I try to access my API from the browser (ex : localhost:8180/dmu) Spring browser prompt to authentication. in that situation if i enter the wrong user / password i cant change it with next request.

Because There is a "Authorization" request header with invalid authentication.

I have two questions.

1. How we can remove default request headers from the browser ( access get methods from browser URL)
2. how i can disable to generate default request headers from spring.

Example screenshot:

question from:https://stackoverflow.com/questions/65599089/remove-default-authorization-header-spring-webflux-security

Answer 1

Waitting for answers