-1

I have defined the rule in .htaccess like this:

    # Ensure Authorization header is passed along
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

And I have passed the "Authorization Bearer Token" in the HTTP request like below:

    :authority: demo.com
    :method: POST
    :path: /data-list
    :scheme: https
    accept: application/json, text/plain, */*
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9,hi-IN;q=0.8,hi;q=0.7,gu-IN;q=0.6,gu;q=0.5
    authorization: Bearer IiwiZGVzdCI6Imh0dHBzOlwvXC93Yy1rdW5hbGcubXlzaG9waWZ5LmNvbSIsImF1ZCI6ImI4NzMyYTZkNjcyMGFiNjNlN2IwZTRkNDExNzVhNTZlIiwic3ViIjoiNDQ1MDIxMjI2MjkiLCJleHAiOjE2NDg0NDEwODYsIm5iZiI6MTY0ODQ0MTAyNiwiaWF0IjoxNjQ4NDQxMDI2LCJqdGkiOiIyMjZiM2
    content-length: 22
    content-type: application/x-www-form-urlencoded
    dnt: 1
    origin: https://demo.com
    referer: https://demo.com/data?hmac=18dc09298e1bd09d95c02ada793f57140804bf42380be07&host=d2Mta3VuYWxnLm15c2lmeS5jb20vYWRtaW4&locale=en-IN&session=55bfc54daf6945e3ca50b2da7f5830d88dcfcb8f4d103b97518166d9fd7b00c9&shop=demo.com&timestamp=1648441021
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    sec-fetch-dest: empty
    sec-fetch-mode: cors
    sec-fetch-site: same-origin
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36

But using the PHP variable $_SERVER or any other PHP variables, I am not getting "authorization: Bearer Token".

I am using a DigitalOcean server for this.

I have tried PHP variables like $_SERVER or any other PHP variables that get "authorization: Bearer Token".

I am getting a blank array response when printing $_SERVER['HTTP_AUTHORIZATION'].

Is there any information that I am missing?

Hitesh Vaghani

2 Answers

1

Works fine for me with this code in .htaccess:

    RewriteCond %{HTTP:Authorization} .+
    RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
svgta
0

I tried to reproduce the issue but didn't get any error. Try to make the same request.

HTTP-Request

    POST /data-list
    Host: demo.com
    authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9XXXXXXX

In PHP

    function getToken() {
        $bearerToken = null;
        if (isset($_SERVER['AUTHORIZATION'])) {
            $bearerToken = $_SERVER['AUTHORIZATION'];
        } elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) { // Nginx or fast CGI
            $bearerToken = $_SERVER['HTTP_AUTHORIZATION'];
        } elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
            $bearerToken = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }
        return $bearerToken;
    }

    echo getToken(); // This returned a Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9XXXXXXX

emrdev
  • Sorry, @Harvi dent, but it didn't work. I didn't get any "AUTHORIZATION" variable :( – Hitesh Vaghani Mar 28 '22 at 07:42
  • @HiteshVaghani I changed my answer, try calling the `getToken()` function from my answer again, maybe the token is in `$_SERVER["REDIRECT_HTTP_AUTHORIZATION"]`. If it doesn't work, post the result of print_r($_SERVER); – emrdev Mar 28 '22 at 08:15
  • Sorry, @Harvi dent, I didn't see any key that includes the "AUTHORIZATION" word. – Hitesh Vaghani Mar 28 '22 at 08:39
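
An added example (not code from either answer): a helper that checks every `$_SERVER` key the answers above look at, plus a header array such as the output of `getallheaders()`, reports which source delivered the value, and accepts only a well-formed `Bearer` value. The name `findBearerToken` and the sample arrays are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: locate a Bearer token in the places Apache/PHP may expose it.
 * $server is $_SERVER; $headers is a header array such as getallheaders() output.
 * Returns ['source' => string, 'token' => string], or null if nothing usable is found.
 */
function findBearerToken(array $server, array $headers = []): ?array
{
    $candidates = [];
    // Keys from the answers above: set directly, set by E=HTTP_AUTHORIZATION,
    // or prefixed with REDIRECT_ after an internal rewrite.
    foreach (['AUTHORIZATION', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key])) {
            $candidates['$_SERVER[' . $key . ']'] = $server[$key];
        }
    }
    // Header names are case-insensitive, so compare in lower case.
    foreach ($headers as $name => $value) {
        if (strtolower((string) $name) === 'authorization' && is_string($value)) {
            $candidates['request headers'] = $value;
        }
    }
    foreach ($candidates as $source => $raw) {
        // Accept only "Bearer <token>" using the RFC 6750 b64token character set,
        // so Basic credentials or malformed values are never treated as a token.
        if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', trim($raw), $m) === 1) {
            return ['source' => $source, 'token' => $m[1]];
        }
    }
    return null;
}

// Constructed sample inputs (not taken from a real server).
$viaRewrite = ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer abc.def-123'];
$viaHeaders = ['authorization' => 'bearer abc.def-123'];
$stripped   = ['HTTP_HOST' => 'demo.com'];
$basicAuth  = ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'];

var_dump(findBearerToken($viaRewrite));     // value arrived after an internal rewrite
var_dump(findBearerToken([], $viaHeaders)); // value visible only in the header array
var_dump(findBearerToken($stripped));       // no Authorization key anywhere
var_dump(findBearerToken($basicAuth));      // header present but not a Bearer scheme
```

In a real request handler the call would be `findBearerToken($_SERVER, function_exists('getallheaders') ? getallheaders() : [])`; log the returned `source` rather than the token itself when debugging.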