I'm having issues with a PHP application which uses the HTTP Authorization header for authentication. From what I can tell, the application isn't getting the Authorization header.
To test this out, I created a Request Bin (http://requestb.in), and sent a test request to it: curl -H "Authorization: password" http://requestb.in/1jt21f01. The Request Bin showed that the Authorization header had been successfully received: https://i.imgur.com/eUWLLRW.png
I then created a PHP application on NFO which does a dump of all of the $_SERVER variables at http://auth-header-test.squanchy.site.nfoservers.com/, and sent it the same test request: curl -H "Authorization: password" http://auth-header-test.squanchy.site.nfoservers.com/. The test application showed that the Authorization header had not been received: https://i.imgur.com/p2b0ybV.png
If I mis-spell the Authorization header, it does show up: curl -H "Authorizations: password" http://auth-header-test.squanchy.site.nfoservers.com/ results in: http://i.imgur.com/EV2EF0Z.png
Is there a configuration setting somewhere that's blocking the Authorization header from being passed on to the PHP application?
HTTP Authorization header not being passed to application
- Taeram
- New to forums
- Posts: 4
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Mon Oct 05, 2015 6:03 pm
Re: HTTP Authorization header not being passed to application
We don't have a special configuration that would cause it to be stripped on our end. Googling this problem, PHP running in CGI mode might have the issue, but we don't run PHP in CGI mode.
You might test the workaround given here and see if it helps: https://devhacksandgoodies.wordpress.co ... orization/
You might test the workaround given here and see if it helps: https://devhacksandgoodies.wordpress.co ... orization/
Re: HTTP Authorization header not being passed to application
Fantastic, thanks! The solution you linked to did indeed fix the issue.
Adding the following to my .htaccess file ensured the Authorization header showed up in the $_SERVER array:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Adding the following to my .htaccess file ensured the Authorization header showed up in the $_SERVER array:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1