0

Trying to fetch Authorization from the page header. I have tried some solutions found in this site, but its not getting. Below is my example code

header('Authorization: Token '.sha1("test123"));
var_dump(apache_request_headers());
exit;

Is it possible to fetch Authorization from header? or anyother method to fetch it?

Amiyar
  • 83
  • 1
  • 12
  • Please check this answer by @deepwinter [Fetching custom Authorization header from incoming PHP request](http://stackoverflow.com/questions/2902621/fetching-custom-authorization-header-from-incoming-php-request/16311684#16311684) – chirag Sep 20 '16 at 11:28
  • @chirag, thanks for your reply but i tried that method too. No result – Amiyar Sep 20 '16 at 12:31
  • can anyone help me with this please ? – Amiyar Sep 21 '16 at 04:59

1 Answers1

1

I would have added comment, but reputation does not allow it.

I've had this issue a long time ago, and believe it was related to PHP/Apache config. The Authorization headers are stripped before they get to your application in certain PHP/Apache configurations . Solution was to add rewriting to .htaccess (or the virtual server).

I dont remember the specifics of my resolution, but adding this to your .htaccess may help:

RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

I have another application (Symfony framework) that uses this instead:

RewriteEngine On    
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Have you also tried Basic Authorization - to see if that is working? Create a header like this:

    $username = 'username';
    $password = 'password';

    $auth = base64_encode($username.':'.$password);
    $auth_header = 'Basic '.$auth;

If you used the above code, the $auth_header will be "Basic dXNlcm5hbWU6cGFzc3dvcmQ="

and your full header would be 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ='

if you send that in your header, in PHP you can use:

    var_dump('username is: '.$_SERVER['PHP_AUTH_USER'] . ' and password is: ' . $_SERVER['PHP_AUTH_PW']);

This might at least point you in the right direction.

Another thing I see, is that your test code above looks to me like you are setting a response header, but var_dumping the request header? I'm assuming your tests involve a separate file/application/browser sending a real request which you are attempting to dump.

I've also found that when using Basic Authorization, the browser may send an OPTIONS pre-flight request, that may also need to be handled server-side before the subsequent authorization request gets sent.

laney
  • 339
  • 1
  • 7