Menu
I'm sending an Ajax request to my PHP/Apache server. The request contains an Authorization header, as shown below in a screenshot from my browser's dev tools:
When testing against my local Apache server, I can access the Authorization header fine from PHP using apache_request_headers(). However, on my production server (on shared Linux hosting) the header is missing from the array returned from apache_request_headers, which looks like this:
array(10) {
["Cookie"] => string(31) "_ga=GA1.2.1071821587.1446317606"
["Accept-Language"] => string(14) "en-US,en;q=0.8"
["Accept-Encoding"] => string(19) "gzip, deflate, sdch"
["Referer"] => string(27) "http://goaunited.com/admin/"
["User-Agent"] => string(110) "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"
["Accept"] => string(33) "application/json, text/plain, */*"
["Cache-Control"] => string(8) "no-cache"
["Pragma"] => string(8) "no-cache"
["Connection"] => string(5) "close"
["Host"] => string(13) "goaunited.com"
}
Why is the Authorization header not included in the apache_request_headers() response on my production server? What could be causing it to be omitted?
579
After some quick search found setting a rewrite rule works
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
Can anyone tell me what it does ?
89
Yep..
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
or
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
..in .htaccess works for me..
13
I edited my .htaccess file as below. Then adding the last line solved the issue.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ %{ENV:BASE}index.php [QSA,L]
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
