Authorization header is empty on PHP var_dump()

Question

I'm sending a header to server with the following request headers:

Host: xx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: xx.com
Authorization: Bearer mytoken1234
X-Requested-With: XMLHttpRequest
Connection: keep-alive

On my php file I'm trying to view the headers with var_dump() and it shows following:

["HTTP_ACCEPT"]=>
  string(74) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
 ["HTTP_ACCEPT_ENCODING"]=>
  string(13) "gzip, deflate"
  ["HTTP_ACCEPT_LANGUAGE"]=>
  string(23) "en-US,en;q=0.8,fi;q=0.6"
  ["HTTP_AUTHORIZATION"]=>
  string(0) ""
  ["HTTP_CACHE_CONTROL"]=>
  string(9) "max-age=0"
  ["HTTP_CONNECTION"]=>
  string(10) "keep-alive"
  ["HTTP_COOKIE"]=>
  string(71) "cpsession=scocta5%3aBcbKZGvPoUCv2Yhb%2c2dc8a5c3bd6713b6ab029f16a46980e7"

I tried adding following lines to my .htaccess:

   SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

or

   RewriteEngine On
   RewriteCond %{HTTP:Authorization} ^(.*)
   RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Without these settings, Authorization header was not showing on var_dump() at all but now it's just string(0) "". Why isn't my server getting the Authorization header content?

Answer 1

You need to add this code into your .htaccess

RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Then you will be able to get the Authorization code by using $_SERVER['HTTP_AUTHORIZATION']

---

Please, see the original post: https://stackoverflow.com/a/46323802/9492722 to have more information.