From 5f58f7e509a07219a30cc8a831f2e5d1bcd83a10 Mon Sep 17 00:00:00 2001
From: "David T. Sadler"
Date: Thu, 8 Jul 2021 12:33:56 +0100
Subject: Use .htaccess in order to get bearer token from $_SERVER
---
 .htaccess | 5 +++++
 public/bookmarks/add/index.php | 4 +---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 .htaccess
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..f0da25f
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,5 @@
+
+ # Handle Authorization Header.
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
diff --git a/public/bookmarks/add/index.php b/public/bookmarks/add/index.php
index 5480361..7df8ced 100644
--- a/public/bookmarks/add/index.php
+++ b/public/bookmarks/add/index.php
@@ -10,9 +10,7 @@ if ('POST' !== filter_input(INPUT_SERVER, 'REQUEST_METHOD')) {
 respondAndExit(405, 'Method Not Allowed');
 }
-$bearerToken = getallheaders()['Authorization'] ?? null;
-
-if ('Bearer '.$config['bearer_token'] !== $bearerToken) {
+if ('Bearer '.$config['bearer_token'] !== filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION')) {
 respondAndExit(401, 'Unauthorized', ['WWW-Authenticate: Bearer realm="Bookmarks"']);
 }
-- 
cgit v1.2.3-13-gbd6f
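Review bot: In `.htaccess`, no `RewriteEngine On` is visible next to the new `RewriteCond`/`RewriteRule` pair, so the rule only runs if the engine is enabled by an enclosing configuration and `AllowOverride` permits rewrite directives in this file. This is worth confirming, because the first and last added lines show no content on this page and any wrapper they held cannot be seen. When the rule does not run, `HTTP_AUTHORIZATION` stays unset and `public/bookmarks/add/index.php` answers 401 to every request; that fails closed, but it is hard to diagnose. I would add `RewriteEngine On` above the condition and extend the comment to `# Handle Authorization Header: Apache does not forward it to CGI/FastCGI scripts by default, so copy it into HTTP_AUTHORIZATION (needs mod_rewrite and AllowOverride FileInfo).`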
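Review bot: The bearer-token check in `public/bookmarks/add/index.php` still compares the secret with `!==`, which is not a constant-time comparison; `hash_equals()` is the usual choice for credentials. `filter_input()` returns `null` when `HTTP_AUTHORIZATION` is absent, so the value needs a string cast first: `if (!hash_equals('Bearer '.$config['bearer_token'], (string) filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION'))) {`. It is also worth rejecting an empty `$config['bearer_token']` before this check, since its definition is outside the hunk and an empty value would reduce the expected header to the bare `Bearer ` prefix. The script continues past the end of the hunk.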