php Symfony 2 中的请求标头包缺少授权标头?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11990388/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Request headers bag is missing Authorization header in Symfony 2?
提问by Polmonino
I'm trying to implement a custom authentication providerin Symfony 2. I'm sending a test request using Fiddler and printing all headers server side; well, Authorizationheader is missing.
我正在尝试在 Symfony 2 中实现自定义身份验证提供程序。我正在使用 Fiddler 发送测试请求并打印所有标头服务器端;好吧,Authorization标题丢失了。
Am i doing something wrong?
难道我做错了什么?
GET /RESTfulBackend/web/index.php HTTP/1.1
Authorization: FID 44CF9590006BF252F707:jZNOcbfWmD/
Host: localhost
User-Agent: Fiddler
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Listener just prints the headers and quits:
侦听器只打印标题并退出:
class HMACListener implements ListenerInterface
{
private $securityContext;
private $authenticationManager;
public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
print_r($request->headers->all());
die();
}
}
Response is missing Authorizationheader:
响应缺少Authorization标题:
Array
(
[host] => Array
(
[0] => localhost
)
[user-agent] => Array
(
[0] => Fiddler
)
[accept] => Array
(
[0] => text/html,application/xhtml+xml,application/xml
)
[accept-language] => Array
(
[0] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
)
)
回答by Akambi Fagbohoun
You must add this code to a virtualhosttag
您必须将此代码添加到虚拟主机标记
It will not work if you put it in a Directorytag.
如果你把它放在目录标签中,它将不起作用。
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
回答by matt
Akambi's answer didn't work for me, but found this answer in the php website:
Akambi 的回答对我不起作用,但在 php 网站上找到了这个答案:
"Workaround for missing Authorization header under CGI/FastCGI Apache:
“在 CGI/FastCGI Apache 下丢失授权标头的解决方法:
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=RewriteEngine On
RewriteCond %{HTTP:Authorization} .+
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Now PHP should automatically declare $_SERVER[PHP_AUTH_*] variables if the client sends the Authorization header."
现在,如果客户端发送 Authorization 标头,PHP 应该自动声明 $_SERVER[PHP_AUTH_*] 变量。”
Thanks derkontrollfreak+9hy5l!
感谢 derkontrollfreak+9hy5l!
回答by mezod
The verified solution worked for me at the time to get the Authorization header through. However, it generated an empty Authorization header when there was none in the incoming request. This is how I solved it:
经过验证的解决方案当时对我有用,可以通过 Authorization 标头。但是,当传入的请求中没有时,它会生成一个空的 Authorization 标头。我是这样解决的:
namespace My\Project\Frontend\EventListener;
use Symfony\Component\HttpFoundation\HeaderBag;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
/**
* Listener for the REQUEST event. Patches the HeaderBag because the
* "Authorization" header is not included in $_SERVER
*/
class AuthenticationHeaderListener
{
/**
* Handles REQUEST event
*
* @param GetResponseEvent $event the event
*/
public function onKernelRequest(GetResponseEvent $event)
{
$this->fixAuthHeader($event->getRequest()->headers);
}
/**
* PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
* We retrieve it from apache_request_headers()
*
* @param HeaderBag $headers
*/
protected function fixAuthHeader(HeaderBag $headers)
{
if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
$all = apache_request_headers();
if (isset($all['Authorization'])) {
$headers->set('Authorization', $all['Authorization']);
}
}
}
}
回答by Fabian Schmengler
I had the same problem when writing a public API with custom Authorizationheader. To fix the HeaderBagI used a listener:
在编写带有自定义Authorization标头的公共 API 时,我遇到了同样的问题。为了修复HeaderBag我使用了一个监听器:
services:
fix_authentication_header_listener:
class: My\Project\Frontend\EventListener\AuthenticationHeaderListener
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 255 }
and bound it to kernel.requestin the service definition:
并将其绑定到kernel.request服务定义中:
CGIPassAuth On
回答by Mun Mun Das
Authorization header is used for http basic authenticationwhich is discarded by apache if not in valid format. Try using another name.
授权标头用于http 基本身份验证,如果格式无效,apache 将丢弃该标头。尝试使用其他名称。
回答by likeitlikeit
Another option that worked for Apache 2.4 when other options did not was to set the CGIPassAuthoption in the relevant <Directory>context, like this:
当其他选项不起作用时,另一个适用于 Apache 2.4 的CGIPassAuth选项是在相关<Directory>上下文中设置选项,如下所示:
According to the documentation, it is available since Apache 2.4.13.
根据文档,它从 Apache 2.4.13 开始可用。
回答by ghaliano
We should authorise this header "Authorization" on the server side,
我们应该在服务器端授权这个头“授权”,
it's also simply done with nelmioCorsBundle
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
forced_allow_origin_value: ~
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['Authorization']
它也可以通过 nelmioCorsBundle 轻松完成
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
forced_allow_origin_value: ~
paths:
'^/api/':
allow_origin: ['*']
allow_headers: ['Authorization']
回答by Wilt
Another solution is to change your PHPhandler to run PHP as Apache Moduleinstead of as CGI application.
另一种解决方案是更改您的PHP处理程序以运行 PHP asApache Module而不是 as CGI application。
