I am sending a header to the server with the following request headers:
Host: xx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: xx.com
Authorization: Bearer mytoken1234
X-Requested-With: XMLHttpRequest
Connection: keep-alive
In my php file, I am trying to view the headers using var_dump (), and it shows the following:
["HTTP_ACCEPT"]=>
string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
["HTTP_ACCEPT_ENCODING"]=>
string(13) "gzip, deflate"
["HTTP_ACCEPT_LANGUAGE"]=>
string(23) "en-US,en;q=0.8,fi;q=0.6"
["HTTP_AUTHORIZATION"]=>
string(0) ""
["HTTP_CACHE_CONTROL"]=>
string(9) "max-age=0"
["HTTP_CONNECTION"]=>
string(10) "keep-alive"
["HTTP_COOKIE"]=>
string(71) "cpsession=scocta5%3aBcbKZGvPoUCv2Yhb%2c2dc8a5c3bd6713b6ab029f16a46980e7"
I tried adding the following lines to my .htaccess:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
or
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Without these settings, the authorization header was not shown at all on var_dump (), but now it's just a string (0) "". Why does my server not receive the contents of the authorization header?
source
share