apache not allow authorization header ?
-
Dear,
I try to request with authorization header.
ex) Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1lmy LAMP run as api server.
I try to put
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
in .htaccess
but not solve.maybe, apache not allow authorization header ?
Would you please any help ?
Regards,
-
I did a quick test by adding
LogLevel trace8to the apache config. Then, make a curl request -curl -H 'Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1l' https://lamp.cloudron.space.I see that the header is coming through:
[Wed Nov 10 18:06:53.830120 2021] [http:trace4] [pid 28] http_request.c(436): [client 98.45.211.194:38584] Headers received from client: [Wed Nov 10 18:06:53.830131 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] Host: lamp.cloudron.space [Wed Nov 10 18:06:53.830141 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] X-Forwarded-For: 98.45.211.194 [Wed Nov 10 18:06:53.830151 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] X-Forwarded-Host: lamp.cloudron.space [Wed Nov 10 18:06:53.830161 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] X-Forwarded-Port: 443 [Wed Nov 10 18:06:53.830171 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] X-Forwarded-Proto: https [Wed Nov 10 18:06:53.830180 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] X-Forwarded-Ssl: on [Wed Nov 10 18:06:53.830190 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] Connection: close [Wed Nov 10 18:06:53.830219 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] user-agent: curl/7.68.0 [Wed Nov 10 18:06:53.830231 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] accept: */* [Wed Nov 10 18:06:53.830242 2021] [http:trace4] [pid 28] http_request.c(439): [client 98.45.211.194:38584] authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1lMaybe some apache/php configuration?
-
As a next step, changing the LogFormat makes it print:
LogFormat "%{X-Forwarded-For}i %{Authorization}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxyI see in the logs:
98.45.211.194 Bearer YWxhZGRpbjpvcGVuc2VzYW1l - - [10/Nov/2021:18:11:24 +0000] "GET / HTTP/1.1" 401 52 "-" "curl/7.68.0" -
Dear,
I try to request with authorization header.
ex) Authorization: Bearer YWxhZGRpbjpvcGVuc2VzYW1lmy LAMP run as api server.
I try to put
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
in .htaccess
but not solve.maybe, apache not allow authorization header ?
Would you please any help ?
Regards,
@freetommy mm, I assumed what you tried didn't work. It works for me.
I put the below in
/app/data/.htaccess(placing this in/app/data/apache/app.confinsideVirtualHostalso works:SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1Restart the app. Then, I see the header passed on to PHP:
[HTTP_AUTHORIZATION] => Bearer YWxhZGRpbjpvcGVuc2VzYW1lFor future reference, this also worked (in apache config):
RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login