Menu
I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script. I'm executing the post request with Postman (Chrome addon) and I enabled CORS in my PHP script. I don't have access to the apache server directly.
HTTP Request:
Accept:*/* Accept-Encoding:gzip,deflate Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,ja;q=0.2 Authorization:Bearer mytoken Cache-Control:no-cache Connection:keep-alive Content-Length:32 Content-Type:text/plain;charset=UTF-8 Host:www.myhost.com Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36 PHP script:
header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept"); header("Content-Type: application/json"); $headers = getallheaders(); echo $headers['Authorization']; The above script outputs '' (= nothing).
316
To send a request with the Bearer Token authorization header, you need to make an HTTP request and provide your Bearer Token with the "Authorization: Bearer {token}" header. A Bearer Token is a cryptic string typically generated by the server in response to a login request.
This error means that your WordPress Permalink rules are not up-to-date. To fix the issue, you need to update the Permalink rules in your site's . htaccess file.
It is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded(non-encrypted) string username: password. For example, to authorize as username / Pa$$w0rd the client would send.
After quite some time a found a solution to this problem. Somehow the Authorization header was stripped away. By adding the following lines in my .htaccess, I was able to get it to work.
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] I had first to add this to my machines Apache config file:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 On Linux in /etc/apache2/apache2.conf
On Mac using Homebrew in /usr/local/etc/httpd/httpd.conf
On Mac with "native" Apache: /private/etc/apache2/httpd.conf or: /etc/apache2/httpd.conf
Adding this to .htaccess didn't work for any reason:
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
