2

I'm implementing Authentication in API using Lumen framework. I'm passing api_token in the header on localhost it's working fine. while uploading on Linux Server, it gives a null value in api_token header. I'm using postman to check the response

Here's my AuthMiddleware@handle code to check the value.

echo $request->header("api_token");

I googled it most of the time and found that public/.htaccess changes required but not worked for me.

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

on the end of my .htaccess

<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

RewriteEngine On

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

I don't know how to configure apache2 for request headers.

Usman Hafeez
  • 357
  • 1
  • 7
  • 20

1 Answers1

4

The underscore should be avoided for the request header key. hyphen is more common and you should rename the request header key to api-token. According to Apache 2.4 new features:

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

Ben
  • 5,069
  • 4
  • 18
  • 26