path: root/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi
Diffstat (limited to 'gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi')
-rw-r--r-- gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi | 51
1 files changed, 51 insertions, 0 deletions
diff --git a/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi b/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi
new file mode 100644
index 0000000..a6817d9
--- /dev/null
+++ b/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi
@@ -0,0 +1,51 @@
+# HTTP_AUTHORIZATION Missing From Global $_SERVER Variable
+
+> Thu 8th July 2021 By David T. Sadler.
+
+I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.
+
+```php
+$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');
+```
+
+However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.
+
+```shell
+$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"
+```
+
+A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.
+
+However the value was available with the getallheaders function.
+
+```php
+$token = getallheaders()['Authorization']);
+```
+
+After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.
+
+```
+<IfModule mod_rewrite.c>
+ # Handle Authorization Header.
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+</IfModule>
+```
+
+After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.
+
+### Links
+
+=> /posts/php PHP - Read More Posts.
+
+I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.
+
+=> mailto:david@davidtsadler.com Email david@davidtsadler.com
+
+### License
+
+=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
+
+Copyright © 2021 David T. Sadler.
+
+=> / Return to Homepage.
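Review bot: the second PHP snippet, `$token = getallheaders()['Authorization']);`, has an unmatched closing parenthesis and will not parse as written; drop the trailing `)`. The surrounding prose has a few slips to fix in the same pass: "was been returned" and "a Authorization header" in the paragraph after the first snippet, and "is now been populated" in the closing paragraph. The post says Apache may withhold the header "for security reasons" and then shows only the workaround, so consider adding a sentence that the rewrite rule copies the credential into the request environment for everything covered by this .htaccess, which means any environment dump such as the `print_r($_SERVER)` used earlier will now include the token. The .htaccess fence is also the only code block without a language tag, unlike the `php` and `shell` fences above it.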