5

I've been on a journey to getting apache_request_headers() working on my server. I have upgraded to the latest stable of PHP 5.4 and changed my PHP handler to FastCGI as this allows you to run the apache_request_headers() function. I'd rather not run PHP as an apache module due to permission issues.

Everything works fine with my new set-up but the only issue is that apache_request_headers() does not seem to pick up the "Authorization" header which I require for my OAuth 2 server.

The header I am sending is:

Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

However, if I send the following header (or anything other than 'Authorization'), it works:

X-Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Frustrating... Any ideas on how I can get this working?

3
  • What OS are you using? I'm using Ubuntu 12.04 and PHP 5.5.5-1+debphp.org~precise+2 (cli), but when I test for the existence of "apache_request_headers" I get bool(false) returned. Commented Nov 4, 2013 at 21:15
  • See my answer below :) Worked it out. Commented Nov 5, 2013 at 16:43
  • I think it's because I was using mod_fastcgi w/ php-fpm. It seems to be pretty well known that that function doesn't exist when using that setup. I also need to get Access-Control-Allow-Origin and other headers to work, but have had no such luck. I don't need "Authorization" in my case I'm afraid. Commented Nov 5, 2013 at 17:10

2 Answers

13

After some more digging I found the following. It removes the need for the apache_request_headers() altogether if you aren't using the FastCGI PHP handler or not running PHP as an apache module.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

On a separate note, another header I was needing was Content-Type which I was only able to get in the apache_request_headers() function. Might be helpful for someone :)

RewriteRule .* - [E=HTTP_CONTENT_TYPE:%{HTTP:Content-Type}]

1

Also, when using php with Fast CGI and FPM, the following is doing the trick:

<VirtualHost *:80>
    ... # other configuration
    FastCgiExternalServer {other parameters} -pass-header Authorization
    ... # further configuration
</VirtualHost>

It removes the need for the rewrite rule. I found my solution to work when the RewriteRule solution did not work: it may come from the Apache I used being behind an HAProxy, but the Authorization header was somehow "renamed" (by who/what?) to REDIRECT_HTTP_AUTHORIZATION instead of HTTP_AUTHORIZATION.

Hope this helps.
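
The two answers above leave the token in different places depending on the setup. The following is an added example, not code from either answer: it checks each location in turn and validates the Bearer syntax before handing the token to the OAuth 2 layer. The function names `find_authorization_header` and `extract_bearer_token` and the sample values are hypothetical.

```php
<?php
// Added example (hypothetical helper names); written to run on PHP 5.4+.

// Return the raw Authorization value from whichever source this SAPI exposes.
// $server is normally $_SERVER; it is a parameter so constructed input can be used.
function find_authorization_header(array $server)
{
    // HTTP_AUTHORIZATION: set by the E=HTTP_AUTHORIZATION rewrite rule or by
    // -pass-header Authorization. REDIRECT_HTTP_AUTHORIZATION: the same variable
    // after an Apache internal redirect, which prefixes env vars with REDIRECT_.
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $key) {
        if (isset($server[$key]) && trim($server[$key]) !== '') {
            return trim($server[$key]);
        }
    }
    // Last resort: apache_request_headers(), where the handler provides it.
    if (function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        foreach (is_array($headers) ? $headers : array() as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0 && trim($value) !== '') {
                return trim($value);
            }
        }
    }
    return null;
}

// Return the bearer token, or null when the header is absent or malformed.
function extract_bearer_token(array $server)
{
    $header = find_authorization_header($server);
    // RFC 6750 b64token syntax; other schemes and stray characters are rejected.
    if ($header === null
        || preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)\z#i', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed sample environments, one per setup described on this page.
$samples = array(
    'rewrite rule / pass-header' => array('HTTP_AUTHORIZATION' => 'Bearer abc.DEF-123'),
    'after internal redirect'    => array('REDIRECT_HTTP_AUTHORIZATION' => 'Bearer abc.DEF-123'),
    'wrong scheme'               => array('HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'),
    'header not forwarded'       => array(),
);
foreach ($samples as $label => $server) {
    printf("%-28s %s\n", $label, var_export(extract_bearer_token($server), true));
}
```

In a request handler, call `extract_bearer_token($_SERVER)` and treat a `null` result as an unauthenticated request.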
