'enable Apache http Authorization header
I write an API with PHP ZF2 they use HTTP Authorization. I fetch all HTTP Headers with apache_request_headers() (also tested with ZF2's $this->getRequest()->getHeaders()).
It works on my locale installed version. But on my server the HTTP Authorization Header are not available. My Browser Debug tool show me that the Authorization header properly send.
Both server are running with the same software: Ubuntu 14.04 with Apache2 (Server version: Apache/2.4.7 (Ubuntu)).
Enabled apache2 modules (auth_basic is enabled):
Is there a PHP ini setting to allow Authorization header?
edit 2015-05-13:
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
echo 'you are auth';
} else {
echo 'there is no Authorization';
}
On my locale system this returns 'you are auth', on the server 'there is no Authorization'. Tested with Postman app in Chrome browser.
edit 2015-05-14: I think it is an Apache2 topic.
How can i enable the Authorization header in Apache2?
Solution 1:[1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
in the .htaccess solves the problem.
But i do not know why this is not necessary on my locale system.
Solution 2:[2]
As bitkorn suggested, you can add the following to your .htaccess:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
If that doesn't solve your problem, then you can try the following:
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
However, something that must be mentioned is that if you're using either solution, you must access your header with the HTTP_AUTHORIZATION header. If you try to use Authorization it will be null.
Solution 3:[3]
Server: Almalinux 8, Panel: WHM/CPANEL;
The reason is apache. Something removes the header. To prevent;
Open httpd.conf
<VirtualHost>
# ...
Include "/etc/apache2/conf.d/userdata/*.conf"
# ...
</VirtualHost>
- place will be detected by apache. And create a special conf to prevent removed automatically.
nano /etc/apache2/conf.d/userdata/{username}.conf
Add this line;
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Restart Apache;
service httpd restart
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | bitkorn |
| Solution 2 | Ricardo Yubal |
| Solution 3 | selcuk mart |