PHP POST 请求中缺少授权标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/26475885/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authorization header missing in PHP POST request
提问by jimmy
I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script. I'm executing the post request with Postman (Chrome addon) and I enabled CORS in my PHP script. I don't have access to the apache server directly.
我目前正在尝试读取使用 POST 请求调用的 PHP 脚本中的授权标头。Authorization 标头中填充了一个令牌。似乎授权标头在到达我的 PHP 脚本之前以某种方式被删除。我正在使用 Postman(Chrome 插件)执行发布请求,并在我的 PHP 脚本中启用了 CORS。我无法直接访问 apache 服务器。
HTTP Request:
HTTP请求:
Accept:*/*
Accept-Encoding:gzip,deflate
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,ja;q=0.2
Authorization:Bearer mytoken
Cache-Control:no-cache
Connection:keep-alive
Content-Length:32
Content-Type:text/plain;charset=UTF-8
Host:www.myhost.com
Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/38.0.2125.104 Safari/537.36
PHP script:
PHP脚本:
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept");
header("Content-Type: application/json");
$headers = getallheaders();
echo $headers['Authorization'];
The above script outputs '' (= nothing).
上面的脚本输出 '' (= nothing)。
回答by jimmy
After quite some time a found a solution to this problem. Somehow the Authorization header was stripped away and by adding the following lines in my .htaccess I was able to get it to work.
经过一段时间后,找到了解决此问题的方法。不知何故,授权标头被剥离了,通过在我的 .htaccess 中添加以下几行,我能够让它工作。
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
回答by Tech Nomad
I had first to add this to my machines Apache config file:
我必须首先将它添加到我的机器 Apache 配置文件中:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=
On Linux in /etc/apache2/apache2.conf
在 Linux 上 /etc/apache2/apache2.conf
On Mac using Homebrew in /usr/local/etc/httpd/httpd.conf
在 Mac 上使用 Homebrew /usr/local/etc/httpd/httpd.conf
On Mac with "native" Apache: /private/etc/apache2/httpd.confor: /etc/apache2/httpd.conf
在 Mac 上使用“本机”Apache:/private/etc/apache2/httpd.conf或:/etc/apache2/httpd.conf
Adding this to .htaccess didn't work for any reason:
将此添加到 .htaccess 没有任何原因:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
回答by Grigoreas P.
Below array holds request headers, that may be missing in $_SERVER variable
下面的数组包含请求标头,它可能在 $_SERVER 变量中丢失
$headers = apache_request_headers();
(Especially true for 'HTTP_X_REQUESTED_WITH' ajax header, which will be found this way as:
$headers['X_REQUESTED_WITH']
(对于 'HTTP_X_REQUESTED_WITH' ajax 标头尤其如此,它将通过以下方式找到:
$headers['X_REQUESTED_WITH']
回答by luciomonter
I don't know why my php 5.4.45 running on NGINX was refusing any custom header containing underscores:
我不知道为什么我在 NGINX 上运行的 php 5.4.45 拒绝任何包含下划线的自定义标头:
ACCEPTED: CURLOPT_HTTPHEADER => array('Authorization: 123456')
接受:CURLOPT_HTTPHEADER => 数组('授权:123456')
REFUSED: CURLOPT_HTTPHEADER => array('my_Authorization: 123456')
拒绝:CURLOPT_HTTPHEADER => 数组('my_Authorization:123456')
I hope it can help someone. Cheers
我希望它可以帮助某人。干杯
回答by hgc2002
This solution (mentioned above) worked for me after tricking httpd.conf file:
这个解决方案(上面提到的)在欺骗 httpd.conf 文件后对我有用:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
To make this work, httpd.conf had to include these directives in my Alias section:
为了使这项工作,httpd.conf 必须在我的别名部分包含这些指令:
AllowOverride All
Options FollowSymLinks
The first one is too open (yes, I know), but .htaccess is totally avoided if you put AllowOverride None.
第一个太开放了(是的,我知道),但是如果您将 AllowOverride None 设置为完全避免使用 .htaccess。
Also, RewriteRule is avoided too is you don't use FollowSymLinks or so (based in Apache docs)
此外,如果您不使用 FollowSymLinks 左右(基于 Apache 文档),也可以避免使用 RewriteRule
