使用 PHP 和 curl 设置授权标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1304974/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Set Authorization header using PHP and curl
提问by searlea
We're using Commission Junction's REST service, which requires we sent an API key in the Authorizationheader.
我们正在使用 Commission Junction 的 REST 服务,这要求我们在Authorization标头中发送 API 密钥。
We set the header like this:
我们像这样设置标题:
$ch = curl_init();
curl_setopt_array($ch, array(
// set url, timeouts, encoding headers etc.
CURLOPT_URL => 'https://....',
// ...
));
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: ' . CJ_API_KEY,
'User-Agent: ' . OUR_USER_AGENT
));
$response = curl_exec($ch);
$info = curl_getinfo($ch);
The problem is that the Authorizationheader isn't sent (we debugged this by using a local url and doing a var_export($_SERVER)which shows a User-Agentheader is set, but not the Authorizationheader.)
问题是Authorization未发送标头(我们通过使用本地 url 并执行var_export($_SERVER)显示User-Agent设置了标头但未设置标头来调试此问题Authorization。)
If we change the header name to X-Authorization, it gets sent - but this hasn't helped us as the service specifically requires the Authorizationheader.
如果我们将标头名称更改为X-Authorization,它将被发送 - 但这对我们没有帮助,因为服务特别需要Authorization标头。
How do we get PHP + cURL to send an arbitrary Authorizationheader?
我们如何让 PHP + cURL 发送任意Authorization标头?
回答by searlea
The Authorizationheader isn't included in PHP's $_SERVERvariable. To properly debug a request you should use apache_request_headers()which shows we were sending the Authorizationheader exactly as we wanted.
该Authorization头不包含在PHP的$_SERVER变量。要正确调试请求,您应该使用apache_request_headers()它显示我们Authorization完全按照我们想要的方式发送标头。
The problem then moved on to figuring out exactly what to put in the Authorizationheader given some pretty bad documentation.
Authorization鉴于一些非常糟糕的文档,问题然后转移到弄清楚在标题中确切地放什么。
回答by Till
When the header is set by the client, then the Authorization-header from the request is included in $_SERVER—?not sure if this is something new, but it is now. HTTP-headers get prefixed in the $_SERVERarray with HTTP_which may be something you previously overlooked.
当客户端设置标头时,Authorization来自请求的-header 包含在$_SERVER-? 不确定这是否是新的东西,但现在是。HTTP 标头在$_SERVER数组中带有前缀,HTTP_这可能是您之前忽略的内容。
Also, apache_request_headers()is a function which is only defined when you use Apache as a web server. So everyone with nginx etc. is left out.
此外,apache_request_headers()是一个仅在您将 Apache 用作 Web 服务器时才定义的函数。因此,所有使用 nginx 等的人都被排除在外。
Demo
演示
On the server-side:
在服务器端:
<?php
// server.php
var_dump($_SERVER['HTTP_AUTHORIZATION']);
Test
测试
Start a webserver (requires PHP 5.4):
启动网络服务器(需要 PHP 5.4):
$ php -S 0.0.0.0:31337 -t .
Make sure server.php is in the current directory.
确保 server.php 在当前目录中。
Use cURL to test:
使用 cURL 进行测试:
$ curl -H 'Authorization: FOO' http://0.0.0.0:31337/server.php
string(3) "FOO"
Works. :)
作品。:)
