Request headers bag is missing Authorization header in Symfony 2?

别那么骄傲 2020-11-29 01:30

I'm trying to implement a custom authentication provider in Symfony 2. I'm sending a test request using Fiddler and printing all headers server side; well, Authoriza

8 answers
  • 2020-11-29 01:31

    Another option that worked for Apache 2.4 when other options did not was to set the CGIPassAuth option in the relevant <Directory> context, like this:

    CGIPassAuth On
    

    According to the documentation, it is available since Apache 2.4.13.

  • 2020-11-29 01:35

    The verified solution worked for me at the time to get the Authorization header through. However, it generated an empty Authorization header when there was none in the incoming request. This is how I solved it:

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} .+
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
  • 2020-11-29 01:35

    I had the same problem when writing a public API with a custom Authorization header. To fix the HeaderBag I used a listener:

    namespace My\Project\Frontend\EventListener;
    
    use Symfony\Component\HttpFoundation\HeaderBag;
    
    use Symfony\Component\HttpKernel\Event\GetResponseEvent;
    
    /**
     * Listener for the REQUEST event. Patches the HeaderBag because the
     * "Authorization" header is not included in $_SERVER
     */
    class AuthenticationHeaderListener
    {
        /**
         * Handles REQUEST event
         *
         * @param GetResponseEvent $event the event
         */
        public function onKernelRequest(GetResponseEvent $event)
        {
            $this->fixAuthHeader($event->getRequest()->headers);
        }
        /**
         * PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
         * We retrieve it from apache_request_headers()
         *
         * @param HeaderBag $headers
         */
        protected function fixAuthHeader(HeaderBag $headers)
        {
            if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
                $all = apache_request_headers();
                if (isset($all['Authorization'])) {
                    $headers->set('Authorization', $all['Authorization']);
                }
            }
        }
    }
    

    and bound it to kernel.request in the service definition:

    services:
      fix_authentication_header_listener:
        class: My\Project\Frontend\EventListener\AuthenticationHeaderListener
        tags:
          - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 255 }
    
  • 2020-11-29 01:36

    The Authorization header is used for HTTP basic authentication, which is discarded by Apache if not in a valid format. Try using another name.

  • 2020-11-29 01:38

    You must add this code to a virtualhost tag.

    It will not work if you put it in a Directory tag.

        RewriteEngine On
        RewriteCond %{HTTP:Authorization} ^(.*)
        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    
  • 2020-11-29 01:45

    Akambi's answer didn't work for me, but I found this answer on the PHP website:

    "Workaround for missing Authorization header under CGI/FastCGI Apache:

    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
    

    Now PHP should automatically declare $_SERVER[PHP_AUTH_*] variables if the client sends the Authorization header."

    Thanks derkontrollfreak+9hy5l!

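The answers above leave the header in different places: an environment variable set by `RewriteRule` or `SetEnvIf`, or only in `apache_request_headers()`. The following is an added example, not code from any of the answers: a PHP fallback that checks each location in turn, treats an empty value as absent (the side effect one answer describes), and matches the header name case-insensitively. The function name `resolveAuthorizationHeader` and the sample values are constructed for illustration.

```php
<?php
/**
 * Added example, not code from the thread. resolveAuthorizationHeader() is a
 * hypothetical helper name.
 *
 * @param array $server         normally $_SERVER
 * @param array $requestHeaders normally apache_request_headers(), [] if unavailable
 * @return string|null the header value, or null when absent or empty
 */
function resolveAuthorizationHeader(array $server, array $requestHeaders = [])
{
    // Variables set via SetEnvIf or RewriteRule [E=HTTP_AUTHORIZATION:...].
    // After an internal redirect Apache renames them with a REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        $value = isset($server[$key]) ? trim($server[$key]) : '';
        if ($value !== '') {
            return $value;
        }
    }
    // Fallback: raw request headers. Header names are case-insensitive, so
    // an exact 'Authorization' key lookup can miss 'authorization'.
    foreach ($requestHeaders as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0 && trim($value) !== '') {
            return trim($value);
        }
    }
    return null; // treat "empty" the same as "not sent"
}

// Constructed sample inputs: [$_SERVER-like array, request-header array]
$cases = [
    'env var from rewrite/SetEnvIf'   => [['HTTP_AUTHORIZATION' => 'Bearer constructed-token'], []],
    'renamed after internal redirect' => [['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer constructed-token'], []],
    'empty env var, no header sent'   => [['HTTP_AUTHORIZATION' => ''], []],
    'lower-case header name only'     => [[], ['authorization' => 'Bearer constructed-token']],
    'nothing set'                     => [[], []],
];
foreach ($cases as $label => list($server, $headers)) {
    printf("%-32s => %s\n", $label, var_export(resolveAuthorizationHeader($server, $headers), true));
}
```

In a listener like the one posted above, the returned value would be written to the HeaderBag only when it is not null, so a request without credentials never gains an empty Authorization header.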