问题
After upgrading to php 5.5.1 and apache 2.4.6, checking for certain headers is now broken (specifically, checking for HTTP_X_REQUESTED_WITH).
Through further testing I noticed that any custom header that contains an underscore is ignored (by this I mean it does not show up in PHP's $_SERVER array). So if I add a header named my-header, it becomes available as $_SERVER['HTTP_MY_HEADER'], but if I try adding a header my_header, it's not available in $_SERVER.
回答1:
This is a documented feature in apache 2.4. See httpd.apache.org/docs/trunk/new_features_2_4.html
Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped.
来源:https://stackoverflow.com/questions/18185366/header-names-with-underscores-ignored-in-php-5-5-1-apache-2-4-6