I have the following code in a Laravel BaseController. I want to protect all my API resources with an Authorization token header.
    public function __construct()
    {
        $this->beforeFilter('@getUserFromToken');
    }

    public function getUserFromToken($route, $request)
    {
        $accessToken = Request::header('Authorization');
        if(!empty($accessToken)){
            $this->currentUser = User::findByToken($accessToken);
        }else{
            return Request::header('Authorization');
            return Response::json(['error'=>'Not authorized. Access token needed in Header.Authorization'], 403);
        }
    }
Here is my .htaccess, if relevant.
    <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>
        RewriteEngine On
        RewriteRule ^(.*)/$ /$1 [L,R=301]
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    </IfModule>
So, if I have the noticeable problematic line, Apache will read everything completely, and I will return my answers and not receive a 403. However, if I do not have this line, I get a 403 error with my custom error message. WHAT FOR? Obviously, I am using the same code $this->currentUser = User::findByToken($accessToken); so why, having left the highlighted line in, can I get the header? Is there a redirect behind the scenes that sets the title Authorization somehow only for the second time? Is there a parameter that I skipped for Apache to pick up the header the first time?
UPDATE:
, : return Response::json(['error'=>'Not authorized. Access token needed in Header.Authorization'], 403);, json. $accessToken . ?
:
, Authorization? :
    $accessToken = Request::header('Custom-Token');
    if(!empty($accessToken)){
        $this->currentUser = User::findByToken($accessToken);
    }else{
        return Response::json(['error'=>'Not authorized. Access token needed in Header.Authorization'], 403);
    }
. , "" Laravel?
, : laravel 4: Request:: header() ?
: Authorization , php artisan serve, php dev.
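A diagnostic helper for the symptom described in the question, added here as an example and not part of the original post: it looks for the Authorization value in each place PHP can receive it under Apache. It assumes the header is being dropped between Apache and PHP (as happens by default when PHP runs as CGI/FastCGI); the function name `resolveAuthorizationHeader` and the sample environments are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: the header is lost between
// Apache and PHP, so check every place it can surface before rejecting.

/**
 * Return the raw Authorization header value, or null if none reached PHP.
 * $server is normally $_SERVER; passing it in keeps the function testable.
 */
function resolveAuthorizationHeader(array $server)
{
    // Set directly under mod_php, or by a rewrite rule that copies the header
    // into the environment. After the internal rewrite to index.php, Apache
    // prefixes environment variables with REDIRECT_.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            return trim($server[$key]);
        }
    }

    // Last resort: ask the SAPI for the request headers (not always available).
    if (function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        if (is_array($headers)) {
            foreach ($headers as $name => $value) {
                if (strcasecmp($name, 'Authorization') === 0 && trim($value) !== '') {
                    return trim($value);
                }
            }
        }
    }

    return null;
}

// Constructed sample environments (not captured from a real server).
$samples = array(
    'header passed'      => array('HTTP_AUTHORIZATION' => 'abc123'),
    'rewrite + redirect' => array('REDIRECT_HTTP_AUTHORIZATION' => 'abc123'),
    'header dropped'     => array('HTTP_HOST' => 'api.example.test'),
);

foreach ($samples as $label => $server) {
    $value = resolveAuthorizationHeader($server);
    // Report presence only; never echo or log the token itself.
    printf("%-20s %s\n", $label, $value === null ? 'missing -> respond 403' : 'token present');
}
```

If only the "header dropped" case matches a real request, the value never reached PHP and the filter will always take the 403 branch regardless of what the client sent.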