
Authorization header and apache_request_headers function

I've been on a journey to get apache_request_headers() working on my server. I have upgraded to the latest stable of PHP 5.4 and changed my PHP handler to FastCGI as this allows you to run the apache_request_headers() function. I'd rather not run PHP as an Apache module due to permission issues.

Everything works fine with my new set-up but the only issue is that apache_request_headers() does not seem to pick up the "Authorization" header which I require for my OAuth 2 server.

The header I am sending is:

Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

However, if I send the following header (or anything other than 'Authorization'), it works:

X-Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Frustrating... Any ideas on how I can get this working?

Ben Sinclair asked Dec 16 '22 07:12


2 Answers

After some more digging I found the following. It removes the need for apache_request_headers() altogether if you aren't using the FastCGI PHP handler or not running PHP as an Apache module.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

On a separate note, another header I needed was Content-Type, which I was only able to get in the apache_request_headers() function. Might be helpful for someone :)

RewriteRule .* - [E=HTTP_CONTENT_TYPE:%{HTTP:Content-Type}]

Ben Sinclair answered Dec 30 '22 14:12


Also, when using PHP with FastCGI and FPM, the following does the trick:

<VirtualHost *:80>
    ... # other configuration
    FastCgiExternalServer {other parameters} -pass-header Authorization
    ... # further configuration
</VirtualHost>

It removes the need for the rewrite rule. I found my solution to work when the RewriteRule solution did not work: it may come from the Apache I used being behind a haproxy, but the Authorization header was somehow "renamed" (by who/what?) to REDIRECT_HTTP_AUTHORIZATION instead of HTTP_AUTHORIZATION.

Hope this helps.

judu answered Dec 30 '22 13:12
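
Reading the token on the PHP side, as an added example that is not from either answer: it checks both variable names mentioned in the answers before falling back to apache_request_headers(), and accepts only a well-formed Bearer value. The function name find_bearer_token() and the sample values are assumptions made for illustration.

```php
<?php
// Added example; find_bearer_token() is a hypothetical helper name.

/**
 * Return the bearer token from the request, or null when the header is
 * absent or malformed. $server is normally $_SERVER; passing it in lets
 * the function be exercised with constructed input.
 */
function find_bearer_token(array $server)
{
    $value = null;

    // HTTP_AUTHORIZATION is what the RewriteRule [E=...] line sets.
    // Apache prefixes environment variables with REDIRECT_ after an
    // internal redirect, which yields REDIRECT_HTTP_AUTHORIZATION.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            $value = $server[$key];
            break;
        }
    }

    // Fall back to apache_request_headers() where the SAPI provides it.
    if ($value === null && function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        foreach (is_array($headers) ? $headers : [] as $name => $v) {
            if (strcasecmp($name, 'Authorization') === 0) {
                $value = $v;
                break;
            }
        }
    }
    if ($value === null) {
        return null;
    }

    // Accept only "Bearer <token>" using the RFC 6750 b64token characters,
    // so stray whitespace, extra fields or other schemes are rejected.
    if (!preg_match('#^Bearer +([A-Za-z0-9._~+/-]+=*)$#iD', trim($value), $m)) {
        return null;
    }
    return $m[1];
}

// Constructed sample inputs (not real tokens).
var_dump(find_bearer_token(['HTTP_AUTHORIZATION' => 'Bearer abc.DEF-123']));
var_dump(find_bearer_token(['REDIRECT_HTTP_AUTHORIZATION' => 'bearer abc123==']));
var_dump(find_bearer_token(['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz']));
var_dump(find_bearer_token(['HTTP_AUTHORIZATION' => 'Bearer abc def']));
```

Returning null for both "missing" and "malformed" lets the caller answer with a single 401 path instead of handing a partly parsed value to the OAuth layer.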