I'm implementing JWT to secure my API. My front-end is coded with Angular and the back-end with PHP.
I have a problem with the Authorization set in the header. I'm sending a request to the server with the JWT that I stored, but I don't really know how the back-end reads that header.
    users.get = function (project) {
        var req = {
            method: 'GET',
            url: Global.url_api + 'action=GET&table=' + project + '_users',
            headers: {
                // Send the stored JWT as a bearer token
                'Authorization': 'Bearer ' + localStorage.getItem('tokenAPI')
            }
        };
        console.log(req);
        return $http(req);
    };
My server isn't able to read that header; the Authorization variable is set to "NULL".
I'm trying to read it with:
    var_dump($_SERVER['HTTP_AUTHORIZATION']);
Here is my request in the browser:
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
    Access-Control-Request-Headers: authorization
    Access-Control-Request-Method: GET
    Host:
    Origin: http://evil.com/
    Proxy-Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
It looks like there is no Authorization set in the header, but my token is generated and stored by the client with the following:
    if (response.status == 200) { // Status 200: everything OK
        var jwt_token = response.data.jwt;
        localStorage.setItem('tokenAPI', jwt_token); // Store the token sent by the server in localStorage
        $scope.credentials = true; // Make the tab visible
    }
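
The request dump above carries Access-Control-Request-Method and Access-Control-Request-Headers, which is what a browser's CORS preflight (OPTIONS) looks like, and a preflight does not include the Authorization header itself. As an added example (not part of the original post), here is a PHP endpoint that answers the preflight and then reads the bearer token on the real request; the allowed origin and the function name `bearer_token` are assumptions.

```php
<?php
// Added example, not code from the original post.
const ALLOWED_ORIGINS = ['https://app.example.test']; // placeholder front-end origin

/** Return the bearer token from the request, or null if none was sent. */
function bearer_token(array $server, array $headers): ?string
{
    // PHP normally exposes the header as HTTP_AUTHORIZATION. Behind some
    // Apache CGI/FastCGI or rewrite setups it only shows up as
    // REDIRECT_HTTP_AUTHORIZATION or through getallheaders().
    $raw = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if ($raw === null) {
        foreach ($headers as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0) {
                $raw = $value;
                break;
            }
        }
    }
    if ($raw === null || !preg_match('/^Bearer\s+(\S+)$/i', trim($raw), $m)) {
        return null;
    }
    return $m[1];
}

// Only allowlisted origins get CORS headers; never echo an arbitrary Origin.
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, ALLOWED_ORIGINS, true)) {
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Vary: Origin');
    header('Access-Control-Allow-Methods: GET, OPTIONS');
    header('Access-Control-Allow-Headers: Authorization');
}

// The preflight carries no Authorization header, so answer it before any token check.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    http_response_code(204);
    exit;
}

$token = bearer_token($_SERVER, function_exists('getallheaders') ? getallheaders() : []);
if ($token === null) {
    http_response_code(401);
    header('WWW-Authenticate: Bearer');
    exit;
}
// $token still has to be verified (signature, expiry) by the JWT library in use.
```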