-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'Authorization' is not included in the $request->headers
by default, so this module does not work by default either...
#15
Comments
Found the proper workaround: add The reason is that when using Apache with PHP under CGI/FastCGI mode, the Authorization header might be missing by default so that we can not access that via The |
Related if you're running PHP in CGI mode you may need to include this in your .htaccess:
|
Apologies for not responding, but indeed this is a known (to me, that is) issue, I should add it to the readme. Added issue #16 |
Thank you both @ec8or @Firesphere I was living in a Nginx-only world for such a long time, so Apache is the new adventure to me ;) |
I was trying to validate the token after create it, but this module always told me that my token is not valid.
After some debug, I found that this module get the HTTP header information by calling
$request->getHeader('Authorization');
, but in fact,Authorization
is not in there by default.To prove this, we can just compare the headers information in
index.php
, by writing:And I got:
The
$request
object withoutAuthorization
header info is passed all the way down to the place when doing the validation, so that's why it failed by default.After I made a trick to add the header info to
$request
manually, it works.I am wondering if it is a durable idea to include a HTTP middleware in this module to add the required headers to
$request
if they are missing? Or maybe this module should use the raw information provided by PHP instead of the$request
object while validating?The text was updated successfully, but these errors were encountered: