blob: 7bf96dcad941b5bc8dd2e91874baf71dfd89aee2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</title>
<link rel="shortcut icon" href="/images/favicon.png">
<link rel="stylesheet" href="/css/site.css">
<link href="/posts/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts"/>
<link href="/posts/arch/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Arch"/>
<link href="/posts/gemini/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Gemini"/>
<link href="/posts/jigsaw/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Jigsaw"/>
<link href="/posts/laravel/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Laravel"/>
<link href="/posts/linux/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Linux"/>
<link href="/posts/markdown/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Markdown"/>
<link href="/posts/netlify/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Netlify"/>
<link href="/posts/nextcloud/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About Nextcloud"/>
<link href="/posts/php/atom.xml" type="application/atom+xml" rel="alternate" title="The Home of David T. Sadler - All Posts About PHP"/>
</head>
<body>
<section><h1>HTTP_AUTHORIZATION Missing From Global $_SERVER Variable</h1><blockquote>Thu 8th July 2021 By David T. Sadler.</blockquote><p>I came across an issue where I wanted to read the value of the HTTP_AUTHORIZATION key found in PHP's global $_SERVER variable.</p><pre><code class="php">$token = filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION');</code></pre><p>However the value of null was been returned even though a Authorization header was passed as part of the HTTP request.</p><pre><code class="shell">$ curl 127.0.0.1:8080/bookmarks/add -i -H "Authorization:Bearer xyz" -d "url=http://example.com/2"</code></pre><p>A quick print_r($_SERVER) confirmed that there was indeed no item for the key HTTP_AUTHORIZATION hence why I was getting a null value.</p><p>However the value was available with the getallheaders function.</p><pre><code class="php">$token = getallheaders()['Authorization']);</code></pre><p>After a bit of research I found that in some situations Apache may not pass authorization headers to PHP for security reasons. However it is possible to work around this by creating a rewrite rule in the site's .htaccess file to put the authorization header into an environment variable.</p><pre><IfModule mod_rewrite.c>
# Handle Authorization Header.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule></pre><p>After adding the above to the .htaccess file the HTTP_AUTHORIZATION key is now been populated with the value of the Authorization header.</p><h3>Links</h3><a href="/posts/php">PHP - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a></section>
<script defer src="/js/highlight.min.js"></script>
<script defer src="/js/site.js"></script>
</body>
</html>
|
