Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP not see Authorization header

I have an application which use OAtuth2, and I recognized that there is a problem with Authorization header. Because in php script I can't read this header.
The header is sent correctly(Firebug network):

Accept          application/json, text/plain, */*
Accept-Encoding gzip, deflate
Accept-Language pl,en-US;q=0.7,en;q=0.3
Authorization   Bearer 3213826ad9147747f3927feca675e3aeee7d0306
Cache-Control   max-age=0
Connection      keep-alive
Cookie          __utma=269300334.55671391.1445337979.1448456981.1453303397.4; __utmz=269300334.1453303397.4.3.utmcsr **strong text**=haynet.pl|utmccn=(referral)|utmcmd=referral|utmcct=/; _ga=GA1.2.55671391.1445337979; PHPSESSID=m3e64vsduq8vpacfhvnfka66k1; _gat=1
Host            pze2.biuro.netivo.pl
Referer         http://pze2.biuro.netivo.pl/
User-Agent      Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

But when I'm calling getallheaders() function or apache_request_headers() function I don't see Authorization header,(response print from apache_request_headers()):

array(10) {
  ["Accept"]=>
  string(33) "application/json, text/plain, */*"
  ["Accept-Encoding"]=>
  string(13) "gzip, deflate"
  ["Accept-Language"]=>
  string(23) "pl,en-US;q=0.7,en;q=0.3"
  ["Cache-Control"]=>
  string(9) "max-age=0"
  ["Connection"]=>
  string(10) "keep-alive"
  ["Cookie"]=>
  string(230) "__utma=269300334.55671391.1445337979.1448456981.1453303397.4; __utmz=269300334.1453303397
.4.3.utmcsr=haynet.pl|utmccn=(referral)|utmcmd=referral|utmcct=/; _ga=GA1.2.55671391.1445337979; PHPSESSID
=m3e64vsduq8vpacfhvnfka66k1; _gat=1"
  ["Host"]=>
  string(20) "pze2.biuro.netivo.pl"
  ["Referer"]=>
  string(28) "http://pze2.biuro.netivo.pl/"
  ["User-Agent"]=>
  string(73) "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
  ["X-Prerender-Token"]=>
  string(20) "rVnH5kFzvZM1HbRkqZDU"
}

Dumping $_SERVER var not see header too.

I tried adding some directives in htacces, but it still does'nt work:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

My entire htaccess file and apache vhost:

<IfModule mod_headers.c>
    RequestHeader set X-Prerender-Token "rVnH5kFzvZM1HbRkqZDU"
</IfModule>

<IfModule mod_rewrite.c>

    Options -Indexes
    RewriteEngine On

    Header add Access-Control-Allow-Origin: *
    Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
    Header set Access-Control-Allow-Headers: "Authorization"


    # www => http
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    <IfModule mod_proxy_http.c>
        RewriteCond %{HTTP_USER_AGENT} baiduspider|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora\ link\ preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator [NC,OR]
        RewriteCond %{QUERY_STRING} _escaped_fragment_

        # Only proxy the request to Prerender if it's a request for HTML
        RewriteRule ^(?!.*?(\.js|\.css|\.xml|\.less|\.png|\.jpg|\.jpeg|\.gif|\.pdf|\.doc|\.txt|\.ico|\.rss|\.zip|\.mp3|\.rar|\.exe|\.wmv|\.doc|\.avi|\.ppt|\.mpg|\.mpeg|\.tif|\.wav|\.mov|\.psd|\.ai|\.xls|\.mp4|\.m4a|\.swf|\.dat|\.dmg|\.iso|\.flv|\.m4v|\.torrent|\.ttf|\.woff))(.*) http://service.prerender.io/http://pze2.biuro.netivo.pl/$2 [P,L]
    </IfModule>

    //Some rewrite rules making my app work

</IfModule>

<VirtualHost *:80>
        ServerName pze2.biuro.netivo.pl
        ServerAlias pze2.swmilib.pl
        DocumentRoot /var/www/pze2/

        CustomLog /var/log/apache2/pze2_access.log combined
        ErrorLog /var/log/apache2/pze2_error.log

        <IfModule log_forensic_module>
                ForensicLog /var/log/apache2/pze_forensic.log
        </IfModule>
</VirtualHost>

Please help, I have no idea why it's not working. Mayby it's server problem. If so tell me how to fix it. I have debian server with apache2.2.22 and PHP 5.6.13

like image 977
Manveru Avatar asked Feb 08 '16 10:02

Manveru


1 Answers

OK I found an answer. For those who will look up form solution, just add to your htaccess:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

In my case it helped.

like image 137
Manveru Avatar answered Oct 02 '22 18:10

Manveru