All geek questions in one place

Authorization header and apache_request_headers function

I went on a trip to make apache_request_headers () work on my server. I upgraded to the latest version of PHP 5.4 and changed my PHP handler to FastCGI, as this allows you to run the apache_request_headers () function. I would prefer not to run PHP as an apache module due to permission problems.

Everything works fine with my new setup, but the only problem is that apache_request_headers () doesn't seem to pick up the "Authorization" header that I need for my OAuth 2 server.

The title I am posting is:

Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

However, if I send the following header (or something other than "Authorization"), it works:

 X-Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Frustrated ... Any ideas on how I can make this work?

+4
source share
2 answers

After some extra digging, I found the following. This eliminates the need for apache_request_headers () in general unless you use the FastCGI PHP handler or use PHP as the apache module.

 <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </IfModule>

In a separate note, the other header I needed was a Content-Type, which I could only get in apache_request_headers (). May be useful for someone :)

 RewriteRule .* - [E=HTTP_CONTENT_TYPE:%{HTTP:Content-Type}]
+11
source

Also, when using php with Fast CGI and FPM the following trick:

 <VirtualHost *:80> ... # other configuration FastCgiExternalServer {other parameters} -pass-header Authorization ... # further configuration </VirtualHost>

This eliminates the need for a rewrite rule. I found that my solution works when the RewriteRule solution does not work: It can come from the apache I used for haproxy, but the authorization header was somehow "renamed" (by whom / what?) REDIRECT_HTTP_AUTHORIZATION instead of HTTP_AUTHORIZATION .

Hope this helps.

0
source

Source: https://habr.com/ru/post/1498777/

More articles:


All Articles