From 897a7072912a6de6f8579390fb764985e37e3e67 Mon Sep 17 00:00:00 2001 From: "David T. Sadler" Date: Thu, 8 Jul 2021 13:42:06 +0100 Subject: Add HTTP_AUTHORIZATION Missing From Global $_SERVER Variable --- gemini/index.gmi | 1 + gemini/posts/index.gmi | 1 + .../index.gmi | 51 ++++++++++++++++++++++ gemini/posts/php/index.gmi | 1 + www/index.html | 2 +- www/posts/atom.xml | 14 +++++- www/posts/index.html | 2 +- .../index.html | 29 ++++++++++++ www/posts/php/atom.xml | 14 +++++- www/posts/php/index.html | 2 +- www/sitemap.xml | 4 ++ 11 files changed, 116 insertions(+), 5 deletions(-) create mode 100644 gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi create mode 100644 www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html diff --git a/gemini/index.gmi b/gemini/index.gmi index 63d3a88..4cb718d 100644 --- a/gemini/index.gmi +++ b/gemini/index.gmi @@ -4,6 +4,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab ## Latest Posts +=> /posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/ 2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable => /posts/git/2021-06-13/backing-up-a-git-repository/ 2021-06-13 - Backing Up a Git Repository => /posts/linux/2021-06-05/xrandr-failed-to-get-size-of-gamma-for-output-default/ 2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default => /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server diff --git a/gemini/posts/index.gmi b/gemini/posts/index.gmi index 7667661..bcaaa22 100644 --- a/gemini/posts/index.gmi +++ b/gemini/posts/index.gmi @@ -1,5 +1,6 @@ # The Home of David T. Sadler - All Posts +=> /posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/ 2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable => /posts/git/2021-06-13/backing-up-a-git-repository/ 2021-06-13 - Backing Up a Git Repository => /posts/linux/2021-06-05/xrandr-failed-to-get-size-of-gamma-for-output-default/ 2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default => /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server diff --git a/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi b/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi new file mode 100644 index 0000000..a6817d9 --- /dev/null +++ b/gemini/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.gmi @@ -0,0 +1,51 @@ +# HTTP_AUTHORIZATION Missing From Global $_SERVER Variable + +> Thu 8th July 2021 By David T. Sadler. + +I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable. + +```php +$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION'); +``` + +However the value of null was been returned even though a Authorization header was passed as part of the HTTP request. + +```shell +$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2" +``` + +A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value. + +However the value was available with the getallheaders function. + +```php +$token = getallheaders()['Authorization']); +``` + +After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable. + +``` + + # Handle Authorization Header. + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + +``` + +After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header. + +### Links + +=> /posts/php PHP - Read More Posts. + +I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. + +=> mailto:david@davidtsadler.com Email david@davidtsadler.com + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/gemini/posts/php/index.gmi b/gemini/posts/php/index.gmi index 6a66f56..6ce9e74 100644 --- a/gemini/posts/php/index.gmi +++ b/gemini/posts/php/index.gmi @@ -1,5 +1,6 @@ # The Home of David T. Sadler - All Posts About PHP +=> /posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/ 2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable => /posts/php/2021-01-18/installing-php-8-for-windows-10/ 2021-01-18 - Installing PHP 8 for Windows 10 ### License diff --git a/www/index.html b/www/index.html index 5c46b20..7cb394b 100644 --- a/www/index.html +++ b/www/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-06-13 - Backing Up a Git Repository2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default2021-05-29 - Setting up a Self Hosted Git Server2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiGitJigsawLaravelLet's EncryptLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

+

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable2021-06-13 - Backing Up a Git Repository2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default2021-05-29 - Setting up a Self Hosted Git Server2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiGitJigsawLaravelLet's EncryptLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

diff --git a/www/posts/atom.xml b/www/posts/atom.xml index 751a69c..cabb593 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml @@ -4,8 +4,20 @@ https://davidtsadler.com/posts/atom.xml - 2021-06-13T12:00:00Z + 2021-07-08T12:00:00Z + HTTP_AUTHORIZATION Missing From Global $_SERVER Variable + https://davidtsadler.com/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html + + David T. Sadler. + 2021-07-08T12:00:00Z + 2021-07-08T12:00:00Z + <h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H &quot;Authorization:Bearer xyz&quot; -d &quot;url=http://example.com/2&quot;</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre>&lt;IfModule mod_rewrite.c&gt; + # Handle Authorization Header. + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +&lt;/IfModule&gt;</pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + Backing Up a Git Repository https://davidtsadler.com/posts/git/2021-06-13/backing-up-a-git-repository/index.html diff --git a/www/posts/index.html b/www/posts/index.html index 0109fec..da1330a 100644 --- a/www/posts/index.html +++ b/www/posts/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler - All Posts

2021-06-13 - Backing Up a Git Repository2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default2021-05-29 - Setting up a Self Hosted Git Server2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+

The Home of David T. Sadler - All Posts

2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable2021-06-13 - Backing Up a Git Repository2021-06-05 - Xrandr: Failed to Get Size of Gamma for Output Default2021-05-29 - Setting up a Self Hosted Git Server2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
diff --git a/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html b/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html new file mode 100644 index 0000000..7bf96dc --- /dev/null +++ b/www/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html @@ -0,0 +1,29 @@ + + + + + + HTTP_AUTHORIZATION Missing From Global $_SERVER Variable + + + + + + + + + + + + + + +

HTTP_AUTHORIZATION Missing From Global $_SERVER Variable

Thu 8th July 2021 By David T. Sadler.

I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.

$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');

However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.

$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"

A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.

However the value was available with the getallheaders function.

$token = getallheaders()['Authorization']);

After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.

<IfModule mod_rewrite.c>
+    # Handle Authorization Header.
+    RewriteCond %{HTTP:Authorization} .
+    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+</IfModule>

After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.

Links

PHP - Read More Posts.

I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.

Email david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+ + + + diff --git a/www/posts/php/atom.xml b/www/posts/php/atom.xml index bac171d..278a6bd 100644 --- a/www/posts/php/atom.xml +++ b/www/posts/php/atom.xml @@ -4,8 +4,20 @@ https://davidtsadler.com/posts/php/atom.xml - 2021-01-18T12:00:00Z + 2021-07-08T12:00:00Z + HTTP_AUTHORIZATION Missing From Global $_SERVER Variable + https://davidtsadler.com/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html + + David T. Sadler. + 2021-07-08T12:00:00Z + 2021-07-08T12:00:00Z + <h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H &quot;Authorization:Bearer xyz&quot; -d &quot;url=http://example.com/2&quot;</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre>&lt;IfModule mod_rewrite.c&gt; + # Handle Authorization Header. + RewriteCond %{HTTP:Authorization} . + RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] +&lt;/IfModule&gt;</pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + Installing PHP 8 for Windows 10 https://davidtsadler.com/posts/php/2021-01-18/installing-php-8-for-windows-10/index.html diff --git a/www/posts/php/index.html b/www/posts/php/index.html index a274e1d..4b9c00d 100644 --- a/www/posts/php/index.html +++ b/www/posts/php/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler - All Posts About PHP

2021-01-18 - Installing PHP 8 for Windows 10

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+

The Home of David T. Sadler - All Posts About PHP

2021-07-08 - HTTP_AUTHORIZATION Missing From Global $_SERVER Variable2021-01-18 - Installing PHP 8 for Windows 10

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
diff --git a/www/sitemap.xml b/www/sitemap.xml index b83b2c5..43888a6 100644 --- a/www/sitemap.xml +++ b/www/sitemap.xml @@ -1,6 +1,10 @@ + https://davidtsadler.com/posts/php/2021-07-08/http-authorization-missing-from-global-server-variable/index.html + 2021-07-08T12:00:00Z + never + https://davidtsadler.com/posts/git/2021-06-13/backing-up-a-git-repository/index.html 2021-06-13T12:00:00Z never -- cgit v1.2.3-13-gbd6f