From 676571dab927b0fb9b3746c36f0d7540e8dba2b5 Mon Sep 17 00:00:00 2001 From: Christoph Stoettner Date: Tue, 29 Sep 2020 12:15:04 +0200 Subject: [PATCH] Workaround for hoster (ionos) The hoster writes the environment variable with bearer token to REDIRECT_HTTP_AUTHORIZATION and needs to provide RewriteBase / to .htaccess --- .htaccess | 4 ++++ application/api/ApiMiddleware.php | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.htaccess b/.htaccess index af2dc5a7..25fcfb03 100644 --- a/.htaccess +++ b/.htaccess @@ -10,8 +10,12 @@ RewriteRule ^(.git|doxygen|vendor) - [F] # fixes JWT token not correctly forwarded on some Apache/FastCGI setups RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] +# Alternative (if the 2 lines above don't work) +# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 # REST API +# Ionos Hosting needs RewriteBase / +# RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^ index.php [QSA,L] diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 09ce6445..da730e0c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -107,7 +107,7 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization')) { + if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { throw new ApiAuthorizationException('JWT token not provided'); } @@ -115,7 +115,11 @@ class ApiMiddleware throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - $authorization = $request->getHeaderLine('Authorization'); + if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + } else { + $authorization = $request->getHeaderLine('Authorization'); + } if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { throw new ApiAuthorizationException('Invalid JWT header'); -- 2.41.0