diff options
Diffstat (limited to 'www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html')
| -rw-r--r-- | www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html b/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html index 7bf96dc..18ad8b7 100644 --- a/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html +++ b/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html @@ -18,11 +18,11 @@ <link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/> </head> <body> - <section><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre><IfModule mod_rewrite.c> + <section><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre><IfModule mod_rewrite.c> # Handle Authorization Header. RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] -</IfModule></pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> +</IfModule></pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section> <script defer src="/js/highlight.min.js"></script> <script defer src="/js/site.js"></script> </body> |