Home » Php » php – 'Authorization' header sent with request, but missing from apache_request_headers()

php – 'Authorization' header sent with request, but missing from apache_request_headers()

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m sending an Ajax request to my PHP/Apache server. The request contains an Authorization header, as shown below in a screenshot from my browser’s dev tools:

enter image description here

When testing against my local Apache server, I can access the Authorization header fine from PHP using apache_request_headers(). However, on my production server (on shared Linux hosting) the header is missing from the array returned from apache_request_headers, which looks like this:

array(10) {
  ["Cookie"] => string(31) "_ga=GA1.2.1071821587.1446317606"
  ["Accept-Language"] => string(14) "en-US,en;q=0.8"
  ["Accept-Encoding"] => string(19) "gzip, deflate, sdch"
  ["Referer"] => string(27) "http://goaunited.com/admin/"
  ["User-Agent"] => string(110) "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36"
  ["Accept"] => string(33) "application/json, text/plain, */*"
  ["Cache-Control"] => string(8) "no-cache"
  ["Pragma"] => string(8) "no-cache"
  ["Connection"] => string(5) "close"
  ["Host"] => string(13) "goaunited.com"
}

Why is the Authorization header not included in the apache_request_headers() response on my production server? What could be causing it to be omitted?

How to&Answers:

After some quick search found setting a rewrite rule works

 <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 </IfModule>

Can anyone tell me what it does ?

Answer:

Yep..

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

or

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

..in .htaccess works for me..

Answer:

I edited my .htaccess file as below. Then
adding the last line solved the issue.

    RewriteEngine On 
    RewriteCond %{REQUEST_FILENAME} !-f 
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ %{ENV:BASE}index.php [QSA,L]
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0