Вопрос
I came across a very weird issue.
I'm using postman to send HTTP requests for some rest service i wrote in PHP. I've been testing it in my development server without any issue. And then it was ready to go to production server. After deploy, I noticed i couldn't authenticate. I'm using Basic HTTP Authentication over SSL.
After digging into it, i noticed the header wasn't reaching my code. A var_dump(apache_request_headers()), didn't show "Authorization" header, but then i enabled mod_forensic, and recorded that same request. The header was set in forensic_log, but isn't set in php headers.
I'm on Cpanel/WHM, Apache/2.4.9, PHP 5.5.10. Also tested with Apache 2.2.x and php 5.4.x in the same server.
There is a copy of the request:
https://stackoverflow.com/questions/22562034
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian+Uyw0q60sJjwAAFodDcIAAAAC|GET /pt_BR/webservice/product HTTP/1.1|Host:www.website.com.br|Connection:keep-alive|User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36|Cache-Control:no-cache|Content-Type:application/json|Authorization:Basic Zmhjc0BsaXZlLmNvbTo2NzY2MTI1NTEzNjcxOTQxMjEzNjgxMDcxMDg2MDcwNA==|Postman-Token:e87e4305-08b8-6868-69d6-9132ff741f6f|Accept:*/*|Accept-Encoding:gzip,deflate,sdch|Accept-Language:en-US,en;q=0.8,pt-BR;q=0.6,pt;q=0.4
and the var_dump(apache_request_headers()):
array(10) {
["Content-Type"]=>
string(16) "application/json"
["Accept"]=>
string(3) "*/*"
["Accept-Encoding"]=>
string(17) "gzip,deflate,sdch"
["Accept-Language"]=>
string(35) "en-US,en;q=0.8,pt-BR;q=0.6,pt;q=0.4"
["Cache-Control"]=>
string(8) "no-cache"
["Connection"]=>
string(10) "keep-alive"
["Cookie"]=>
string(42) "PHPSESSID=a00f255f7e96b25f34f84670fbb8362e"
["Host"]=>
string(21) "www.website.com.br"
["Postman-Token"]=>
string(36) "b1d04f7f-89b3-e7fd-3841-9850f5ff1916"
["User-Agent"]=>
string(105) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36"
}
Решение
Maybe your production server is running PHP as FastCGI?
Referencing a FAQ page of a German hoster there exists an inconsistency in naming the concerned http variable in this case.
This mod_rewrite rule should fix this issue then:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
If you are running PHP as apache2 module, this does not help.
