1. 技术文章
  2. Symfony 2.3 getRequest()->headers not showing Authorization Bearer Token

Symfony 2.3 getRequest()->headers not showing Authorization Bearer Token

拥有回忆 提交于 2019-11-29 07:30:51

It is most likely stripped by Apache. Bearer is not a known scheme, it is sort of proprietary.

Therefore, either you use a custom header, like X-Bearer-Token: 123456789 or you can try to add this rewrite condition in your .htaccess

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Symfony is using php global variable $_SERVER to create Request->headers variable, but $_SERVERdoes not contain all headers. For getting all headers you have to use php native function getallheaders() more info: http://php.net/manual/en/function.getallheaders.php

There seems to be a disconnect here between the question and the accepted answer. If the Authorization header is available to PHP's getallheaders() then Apache clearly isn't stripping it. I'd guess that the problem is related to the use of Symfony. $this->getRequest()->headers doesn't return an object containing headers, it returns a HeaderBag. Assuming the header is visible to getallheaders(), this works:

$this->getRequest()->headers->all();

Or more specifically:

$this->getRequest()->headers->get('Authorization');

seems like the apache mod_php "eats" the authorization header.

this worked for me:

if (!$request->headers->has('Authorization') && function_exists('apache_request_headers')) {
        $all = apache_request_headers();
        if (isset($all['Authorization'])) {
            $request->headers->set('Authorization', $all['Authorization']);
        }
    }

You can also use apache_request_headers(); to get the original headers which will have the Authorization header.

标签
symfony
authorization
token
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!