开发者

Fetching custom Authorization header from incoming PHP request

问答 作者:

So I'm trying to parse an incoming request in PHP which has the following header set:

Authorization开发者_Go百科: Custom Username

Simple question: how on earth do I get my hands on it? If it was Authorization: Basic, I could get the username from $_SERVER["PHP_AUTH_USER"]. If it was X-Custom-Authorization: Username, I could get the username from $_SERVER["HTTP_X_CUSTOM_AUTHORIZATION"]. But neither of these are set by a custom Authorization, var_dump($_SERVER) reveals no mention of the header (in particular, AUTH_TYPE is missing), and PHP5 functions like get_headers() only work on responses to outgoing requests. I'm running PHP 5 on Apache with an out-of-the box Ubuntu install.

For token based auth:

  $token = null;
  $headers = apache_request_headers();
  if(isset($headers['Authorization'])){
    $matches = array();
    preg_match('/Token token="(.*)"/', $headers['Authorization'], $matches);
    if(isset($matches[1])){
      $token = $matches[1];
    }
  }

If you're only going to use Apache you might want to have a look at apache_request_headers().

Add this code into your .htaccess

RewriteEngine On
RewriteRule .* - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Pass your header like Authorization: {auth_code} and finally you get the Authorization code by using $_SERVER['HTTP_AUTHORIZATION']

Note: The above one is for apache, if you're using the nginx you don't need to update anything. you can get the value easily in nginx like:

if you are passing authorization key, you can get the key value by just putting the $_SERVER['HTTP_AUTHORIZATION']. just add HTTP_ as the prefix in $_SERVER for get anything like

postman_token => HTTP_POSTMAN_TOKEN
test_key => HTTP_TEST_KEY

Just use:

$headers = apache_request_headers();
$token = $headers['token'];

For background, why Apache filters away the Authorization header: https://stackoverflow.com/a/17490827

Solutions depending on which Apache module is used to pass the request to the application:

mod_wsgi, mod_fcgid:

  • https://stackoverflow.com/a/30310338

cgi:

  • https://stackoverflow.com/a/38175451

Other hacks - massaging the headers in this question:

  • Request headers bag is missing Authorization header in Symfony 2?

  • Apache 2.4 + PHP-FPM and Authorization headers

继续阅读:authorizationhttp-headersphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9