diff options
Diffstat (limited to 'www/posts/php/atom.xml')
| -rw-r--r-- | www/posts/php/atom.xml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www/posts/php/atom.xml b/www/posts/php/atom.xml index 9f64dc4..6970ec0 100644 --- a/www/posts/php/atom.xml +++ b/www/posts/php/atom.xml @@ -12,11 +12,11 @@ <author><name>David T. Sadler.</name></author> <published>2021-07-08T12:00:00Z</published> <updated>2021-07-08T12:00:00Z</updated> - <content type="html"><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H &quot;Authorization:Bearer xyz&quot; -d &quot;url=http://example.com/2&quot;</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre>&lt;IfModule mod_rewrite.c&gt; + <content type="html"><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP&#039;s global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, &#039;HTTP_AUTHORIZATION&#039;);</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H &quot;Authorization:Bearer xyz&quot; -d &quot;url=http://example.com/2&quot;</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()[&#039;Authorization&#039;]);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site&#039;s .htaccess file to put the authorization header into an environment variable.</p><pre>&lt;IfModule mod_rewrite.c&gt; # Handle Authorization Header. RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] -&lt;/IfModule&gt;</pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +&lt;/IfModule&gt;</pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don&#039;t have comments as I don&#039;t want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> </entry><entry> <title type="text">Installing PHP 8 for Windows 10</title> <id>https://davidtsadler.com/posts/php/2021-01-18/installing-php-8-for-windows-10/</id> @@ -28,6 +28,6 @@ PHP 8.0.1 (cli) (built: Jan 5 2021 23:43:33) ( NTS Visual C++ 2019 x64 ) Copyright (c) The PHP Group -Zend Engine v4.0.1, Copyright (c) Zend Technologies</code></pre><h3>Links</h3><a href="https://windows.php.net/">PHP For Windows.</a><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> +Zend Engine v4.0.1, Copyright (c) Zend Technologies</code></pre><h3>Links</h3><a href="https://windows.php.net/">PHP For Windows.</a><a href="/posts/php">PHP - Read More Posts.</a><p>I don&#039;t have comments as I don&#039;t want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></content> </entry> </feed>
\ No newline at end of file |