
This has been asked before, but I'm trying to implement JWT token auth with PHP 7 on Apache 2.4. The script (Symfony) never sees the Authorization header.

I've read Apache strips down "Authorization" header and already added:

```
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
```

to no avail. mod_rewrite is enabled and PHP is loaded as a module.

My simple test case is:

```
curl --header "Authorization: Bearer eyJ0....." http://localhost/test.php
```

I'm totally lost as to what else could potentially be needed to get the Authorization header into PHP?

Update

Thanks to Olaf Dietsche I've found that the header is present via `apache_request_headers()`. So the `HTTP_AUTHORIZATION` is not part of `$_SERVER` but can be accessed using the Apache functions. I've opened https://github.com/symfony/symfony/issues/19693 and https://bugs.php.net/bug.php?id=72915 for further investigation.

andig
  • Why do you think Apache removes this header? How do you retrieve it? – Olaf Dietsche Aug 21 '16 at 16:55
  • I'm dumping `$request->headers` and have moved additional code into `ServerBag`. Everything is there, but not the `Authorization` header. As soon as I use another header name it's there, too. – andig Aug 21 '16 at 16:57
  • Have you also looked into [apache_request_headers()](http://php.net/manual/en/function.apache-request-headers.php)? Maybe Symfony ignores the header. – Olaf Dietsche Aug 21 '16 at 16:59
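
The lookup order discussed in the question and comments, as an added example that is not part of the original post or of Symfony's code: it checks `$_SERVER['HTTP_AUTHORIZATION']`, then the `REDIRECT_`-prefixed copy Apache creates after an internal redirect, then `apache_request_headers()`, and only accepts a strictly formed Bearer value. The function names are hypothetical, the sample values are constructed, and PHP 7.1+ is assumed for nullable types.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.

/** Return the raw Authorization header value, or null if no source carries it. */
function find_authorization_header(array $server, ?array $apacheHeaders = null): ?string
{
    // HTTP_AUTHORIZATION is the usual key (and the one the RewriteRule sets);
    // Apache renames env vars with a REDIRECT_ prefix after an internal redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Last resort: ask the SAPI directly. Callers may inject headers for testing.
    if ($apacheHeaders === null && function_exists('apache_request_headers')) {
        $apacheHeaders = apache_request_headers() ?: [];
    }
    foreach ($apacheHeaders ?? [] as $name => $value) {
        // HTTP header names are case-insensitive.
        if (strcasecmp((string) $name, 'Authorization') === 0 && $value !== '') {
            return trim($value);
        }
    }
    return null;
}

/** Return the token from a "Bearer <token>" header, or null if malformed. */
function extract_bearer_token(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    // RFC 6750 b64token charset; reject anything else instead of guessing.
    if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed inputs: header visible only via the Apache functions,
// header copied into a REDIRECT_ variable, and a non-Bearer scheme.
$cases = [
    find_authorization_header([], ['authorization' => 'Bearer aaa.bbb.ccc']),
    find_authorization_header(['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer ddd.eee.fff'], []),
    find_authorization_header(['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []),
];
foreach ($cases as $header) {
    var_dump(extract_bearer_token($header));
}
```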
