0

I have set custom HTTP Headers in my JQuery ajax request like this:

url:BASEURL+"path/to/my_api/endpoint.php",
headers:{
    'Authorization':'Basic',
    'App-Version':'1.3',
    'Key':'123456',
    'secret':'090909'
}

I would like to be able to read those in the target php scrip. I tried :

print_r(getallheaders());

but the printed array is this:

Array
(
    [Host] => localhost
    [Connection] => keep-alive
    [Content-Length] => 153
    [Accept] => application/json, text/javascript, */*; q=0.01
    [Origin] => http://localhost
    [X-Requested-With] => XMLHttpRequest
    [User-Agent] => Mozilla/5.0 (BB10; Touch) AppleWebKit/537.10+ (KHTML, like Gecko) Version/10.0.9.2372 Mobile Safari/537.10+
    [Content-Type] => application/x-www-form-urlencoded
    [Sec-Fetch-Site] => same-origin
    [Sec-Fetch-Mode] => cors
    [Referer] => http://localhost/maxiko/application/test/index.html
    [Accept-Encoding] => gzip, deflate, br
    [Accept-Language] => en-US,en;q=0.9
    [Cookie] => _ga=GA1.1.1030525951.1577774346; PHPSESSID=tm0ltrbt8op7bkksvh7mj9rdvs
)

it doesn't contain my custom key-value pairs. So how can I achieve this??

CliffTheCoder
  • 394
  • 1
  • 4
  • 24
  • 2
    are you sure you are passing the headers? Try the developer console of the browser to be sure your header values are in the request – Giacomo M Jan 19 '20 at 10:02
  • Positive. And to be precise, I am trying kind of trying to develop my own api and those fields were supposedly the API_KEY and SECRET and when read in the php code, they were supposed to be matched against registered API access credentials in my API database. Hope this makes sense – CliffTheCoder Jan 19 '20 at 10:08
  • Try with `$_SERVER` array, it contain also the headers or with the `get_headers` function – Giacomo M Jan 19 '20 at 10:19
  • 1
    see this question might help : https://stackoverflow.com/questions/41723138/ajax-response-cannot-read-all-the-headers-from-the-response –  Jan 19 '20 at 10:27

1 Answers1

0

I tried adding a print_r(getallheaders()); in one of my own projects and sent a secret header using postman. It printed out fine. If you are absolutely certain the header is being sent then my guess is that you are running php as a cli (from apache or nginx) and not as an apache module. Try looking in $_SERVER['HTTP_SECRET'] it might already contain the header. But it's hard to provide a solution without knowing what you are running (apache, nginx) or seeing your config.

kaan_a
  • 3,503
  • 1
  • 28
  • 52