Server removes custom HTTP header fields

I've been trying to receive HTTP requests with custom fields in the headers but it seems like my server removes them...

This is the request that I am sending to the server (I read that request with an HTTP proxy):

POST /oauth.php/request_token HTTP/1.1
Host: domain.com
User-Agent: DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
Authorization: OAuth realm="", oauth_consumer_key="ebb942f0d260b06cb533c6133c28408004d343197", oauth_signature_method="HMAC-SHA1", oauth_signature="qPBFAa8XRRbor2%2F%2FQXv6kU3%2F7jU%3D", oauth_timestamp="1295278460", oauth_nonce="E7D6AC76-74CE-4951-8182-7EBF9B382E7E", oauth_version="1.0"
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Pragma: no-cache
Content-Length: 0
Connection: keep-alive
Proxy-Connection: keep-alive

I printed the headers of the request when I arrive on my page.php. I see this:

uri http://domain.com/oauth.php/request_token
parameters 
headers Array
.... Accept : */*
.... Accept-Encoding : gzip, deflate
.... Accept-Language : en-us
.... Connection : keep-alive
.... Host : domain.com
.... User-Agent : DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
method POST

when I should be seeing this (it is working on a local version):

uri http://localhost:8888/oauth.php/request_token
parameters 
headers Array
.... Accept : */*
.... Accept-Encoding : gzip, deflate
.... Accept-Language : en-us
.... Authorization : OAuth realm="", oauth_consumer_key="582d95bd45d455fa2e5819f88fc0c5a104d2c7ff3", oauth_signature_method="HMAC-SHA1", oauth_signature="agPSFdtlGxXv2sbrz3pRjHlROOE%3D", oauth_timestamp="1295272680", oauth_nonce="667A133C-5071-48AB-9F13-8146425E46B7", oauth_version="1.0"
.... Connection : keep-alive
.... Content-Length : 0
.... Host : localhost:8888
.... User-Agent : DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
method POST

I am using PHP 5.2.17 on the server.

Do you have any idea to help me fix that issue?

Thanks!

MartinMoizard asked Jan 17 '11 12:01


2 Answers

Actually, there is a pretty easy fix. The fault lies with FastCGI. You can just provide an .htaccess file with a rewrite rule to save the header.

<IfModule mod_rewrite.c>

...

# Pass Authorization headers to an environment variable
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</IfModule>

Credit goes here: https://drupal.org/node/1365168

They also talk about an even simpler solution to let these headers pass through, if you are using a virtual host.

Julian answered Oct 16 '22 02:10
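How the application side can pick the header back up once the rewrite rule in the answer above is in place, as an added example that is not part of the original answer. The function names are hypothetical and the sample `$_SERVER` arrays are constructed; the `REDIRECT_` prefix is what Apache adds to environment variables after an internal redirect.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.
// Return the raw Authorization value, or null if it never reached PHP.
// $server is normally $_SERVER; it is a parameter so both cases can be shown.
function find_authorization_header(array $server)
{
    // HTTP_AUTHORIZATION is set by the RewriteRule [E=...] flag; Apache adds
    // the REDIRECT_ prefix when the request went through an internal redirect.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    // Where apache_request_headers() exists (e.g. mod_php), read the request headers.
    $headers = function_exists('apache_request_headers') ? apache_request_headers() : false;
    if (is_array($headers)) {
        foreach ($headers as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0) {
                return $value;
            }
        }
    }
    return null;
}

// Split an 'OAuth k="v", ...' header into percent-decoded parameters.
function parse_oauth_header($header)
{
    if (!preg_match('/^OAuth\s+(.*)$/is', $header, $m)) {
        return array();
    }
    $params = array();
    preg_match_all('/([a-z_]+)="([^"]*)"/i', $m[1], $pairs, PREG_SET_ORDER);
    foreach ($pairs as $pair) {
        $params[$pair[1]] = rawurldecode($pair[2]);
    }
    return $params;
}

// Constructed $_SERVER samples: header stripped, then restored by the rule.
$stripped = array('HTTP_HOST' => 'domain.com', 'REQUEST_METHOD' => 'POST');
$restored = $stripped + array('REDIRECT_HTTP_AUTHORIZATION' =>
    'OAuth realm="", oauth_consumer_key="example-key", oauth_signature="c2ln%2Fexample%3D"');
foreach (array('stripped' => $stripped, 'restored' => $restored) as $label => $server) {
    $header = find_authorization_header($server);
    $names = $header === null ? array() : array_keys(parse_oauth_header($header));
    // Report parameter names only; never log the signature or credentials.
    echo $label, ': ', $names ? implode(', ', $names) : 'no Authorization header', "\n";
}
```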


Apache strips the Authentication header because it's a security risk, when used with CGI. Are you using PHP through CGI?

I think PHP also strips Authentication in some circumstances. Again, there's a risk that exposing it to scripts will allow one user's code to sniff other users' on the same server (e.g., if Alice and Bob both have accounts).

Mark Nottingham answered Oct 16 '22 02:10