author: VirtualTam <virtualtam@flibidi.net> 2018-03-22 22:23:41 +0100
committer: VirtualTam <virtualtam@flibidi.net> 2018-03-25 19:41:44 +0200
commit: d1e8f152f6a3e7ed5df0ec7f9261d475a777d28a
tree: f26fc483c77b6fbd24c4e2e063f5378d5901bc5c /.htaccess
parent: 4c2f51256f2c914a10c0c7aa59311c5862d2a480
httpd: always forward the 'Authorization' header

On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:

    "401 Not authorized: JWT token not provided"

This patch allows forwarding the 'Authorization' header.

An alternative would be to use the `CGIPassAuth` directive to allow all
authorization headers to be forwarded.

See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth

Signed-off-by: VirtualTam <virtualtam@flibidi.net>

Diffstat (limited to '.htaccess')
-rw-r--r-- .htaccess 4
1 files changed, 4 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess
index 19dd72a8..7ba4744b 100644
--- a/.htaccess
+++ b/.htaccess
@@ -6,6 +6,10 @@ RewriteEngine On
6# Prevent accessing subdirectories not managed by SCM 6# Prevent accessing subdirectories not managed by SCM
7RewriteRule ^(.git|doxygen|vendor) - [F] 7RewriteRule ^(.git|doxygen|vendor) - [F]
8 8
9# Forward the "Authorization" HTTP header
10RewriteCond %{HTTP:Authorization} ^(.*)
11RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
12
9# REST API 13# REST API
10RewriteCond %{REQUEST_FILENAME} !-f 14RewriteCond %{REQUEST_FILENAME} !-f
11RewriteCond %{REQUEST_FILENAME} !-d 15RewriteCond %{REQUEST_FILENAME} !-d
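
Review bot: the condition on new line 10, `RewriteCond %{HTTP:Authorization} ^(.*)`, also matches when the request carries no Authorization header, because `.*` matches the empty string, so the rule on new line 11 sets HTTP_AUTHORIZATION to an empty value on every request. Use `^(.+)$` so the variable is only set when a header is actually present. The block also sits above the "# REST API" rules and therefore applies to every request handled by this .htaccess, not only to API calls; if only the REST API needs the token, narrow the rule or say in the comment that the forwarding is intentionally global. The comment on new line 9 would also be more useful if it stated why the forwarding is needed (CGI/FastCGI setups dropping the header) and named the `CGIPassAuth` alternative mentioned in the commit message.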