# HTTP_AUTHORIZATION Missing From Global $_SERVER Variable

> Thu 8th July 2021 By David T. Sadler.

I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.

```php
$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');
```

However, a value of null was being returned even though an Authorization header was passed as part of the HTTP request.

```shell
$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"
```

A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION, hence why I was getting a null value.

However, the value was available with the getallheaders function.

```php
$token = getallheaders()['Authorization'];
```

After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However, it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.

```
<IfModule mod_rewrite.c>
    # Handle Authorization Header.
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
```

After adding the above to the .htaccess file, the HTTP_AUTHORIZATION key is now being populated with the value of the Authorization header.
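
The following is an added example, not code from the original post: a lookup that does not depend on which of the places above ends up carrying the header, and that accepts only a well-formed Bearer value. The function names authorization_header and bearer_token are hypothetical, and the REDIRECT_HTTP_AUTHORIZATION fallback is an assumption that covers setups where Apache prefixes rewrite-set environment variables after an internal redirect.

```php
<?php
declare(strict_types=1);

/**
 * Return the raw Authorization header value, or null if PHP cannot see one.
 * $server and $headers are parameters so the lookup can be exercised offline.
 */
function authorization_header(array $server, ?array $headers = null): ?string
{
    // 1. HTTP_AUTHORIZATION: set by the SAPI or by the rewrite rule's E= flag.
    // 2. REDIRECT_HTTP_AUTHORIZATION: assumed fallback after an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && trim($server[$key]) !== '') {
            return trim($server[$key]);
        }
    }
    // 3. Request headers; names are case-insensitive, so do not index by 'Authorization'.
    if ($headers === null && function_exists('getallheaders')) {
        $headers = getallheaders() ?: [];
    }
    foreach ($headers ?? [] as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0 && trim((string) $value) !== '') {
            return trim((string) $value);
        }
    }
    return null;
}

/** Extract the token from "Bearer <token>"; null for any other scheme or shape. */
function bearer_token(?string $header): ?string
{
    // Token characters follow the b64token grammar of RFC 6750.
    if ($header !== null && preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)\z/i', $header, $m) === 1) {
        return $m[1];
    }
    return null;
}

// Constructed sample inputs, one per place the value can appear, plus two rejects.
$cases = [
    'rewrite rule env var' => [['HTTP_AUTHORIZATION' => 'Bearer xyz'], []],
    'redirect-prefixed'    => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer xyz'], []],
    'headers only'         => [[], ['authorization' => 'Bearer xyz']],
    'wrong scheme'         => [['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
    'header missing'       => [[], []],
];
foreach ($cases as $label => [$server, $headers]) {
    printf("%-22s %s\n", $label, var_export(bearer_token(authorization_header($server, $headers)), true));
}
```

In a request handler the call would be bearer_token(authorization_header($_SERVER)), with a null result treated as an unauthenticated request.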

### Links

=> /posts/php PHP - Read More Posts.

I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.

=> mailto:david@davidtsadler.com Email david@davidtsadler.com

### License

=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

=> / Return to Homepage.