发表新帖
发表新帖

Request headers bag is missing Authorization header in Symfony 2?

前端 未结
关注
8 1456
别那么骄傲
别那么骄傲 2020-11-29 01:30

I\'m trying to implement a custom authentication provider in Symfony 2. I\'m sending a test request using Fiddler and printing all headers server side; well, Authoriza

相关标签:
8条回答
  • 眼角桃花
    2020-11-29 01:31

    Another option that worked for Apache 2.4 when other options did not was to set the CGIPassAuth option in the relevant <Directory> context, like this:

    CGIPassAuth On

    According to the documentation, it is available since Apache 2.4.13.

    0 讨论(0)
  • 南方客
    2020-11-29 01:35

    The verified solution worked for me at the time to get the Authorization header through. However, it generated an empty Authorization header when there was none in the incoming request. This is how I solved it:

    RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    0 讨论(0)
  • 南方客
    2020-11-29 01:35

    I had the same problem when writing a public API with custom Authorization header. To fix the HeaderBag I used a listener:

    namespace My\Project\Frontend\EventListener;

use Symfony\Component\HttpFoundation\HeaderBag;

use Symfony\Component\HttpKernel\Event\GetResponseEvent;

/**
 * Listener for the REQUEST event. Patches the HeaderBag because the
 * "Authorization" header is not included in $_SERVER
 */
class AuthenticationHeaderListener
{
    /**
     * Handles REQUEST event
     *
     * @param GetResponseEvent $event the event
     */
    public function onKernelRequest(GetResponseEvent $event)
    {
        $this->fixAuthHeader($event->getRequest()->headers);
    }
    /**
     * PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
     * We retrieve it from apache_request_headers()
     *
     * @param HeaderBag $headers
     */
    protected function fixAuthHeader(HeaderBag $headers)
    {
        if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
            $all = apache_request_headers();
            if (isset($all['Authorization'])) {
                $headers->set('Authorization', $all['Authorization']);
            }
        }
    }
}

    and bound it to kernel.request in the service definition:

    services:
  fix_authentication_header_listener:
    class: My\Project\Frontend\EventListener\AuthenticationHeaderListener
    tags:
      - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 255 }
    0 讨论(0)
  • 无人及你
    2020-11-29 01:36

    Authorization header is used for http basic authentication which is discarded by apache if not in valid format. Try using another name.

    0 讨论(0)
  • 夕颜
    2020-11-29 01:38

    You must add this code to a virtualhost tag

    It will not work if you put it in a Directory tag.

        RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    0 讨论(0)
  • 再見小時候
    2020-11-29 01:45

    Akambi's answer didn't work for me, but found this answer in the php website:

    "Workaround for missing Authorization header under CGI/FastCGI Apache:

    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    Now PHP should automatically declare $_SERVER[PHP_AUTH_*] variables if the client sends the Authorization header."

    Thanks derkontrollfreak+9hy5l!

    0 讨论(0)
 看不清?
提交回复
热议问题