diff options
Diffstat (limited to 'www/posts/atom.xml')
| -rw-r--r-- | www/posts/atom.xml | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/www/posts/atom.xml b/www/posts/atom.xml index 751a69c..cabb593 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml @@ -4,8 +4,20 @@ <id>https://davidtsadler.com/posts/atom.xml</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/index.html"/> <link rel="self" type="application/atom+xml" href="https://davidtsadler.com/posts/atom.xml"/> - <updated>2021-06-13T12:00:00Z</updated> + <updated>2021-07-08T12:00:00Z</updated> <entry> + <title type="text">HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</title> + <id>https://davidtsadler.com/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html</id> + <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html"/> + <author><name>David T. Sadler.</name></author> + <published>2021-07-08T12:00:00Z</published> + <updated>2021-07-08T12:00:00Z</updated> + <content type="html"><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H &quot;Authorization:Bearer xyz&quot; -d &quot;url=http://example.com/2&quot;</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre>&lt;IfModule mod_rewrite.c&gt; + # Handle Authorization Header. + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +&lt;/IfModule&gt;</pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +</entry><entry> <title type="text">Backing Up a Git Repository</title> <id>https://davidtsadler.com/posts/git/2021-06-13/backing-up-a-git-repository/index.html</id> <link rel="alternate" type="text/html" href="https://davidtsadler.com/posts/git/2021-06-13/backing-up-a-git-repository/index.html"/> |