author | VirtualTam <virtualtam@flibidi.net> | 2018-03-22 22:23:41 +0100 |
---|---|---|
committer | VirtualTam <virtualtam@flibidi.net> | 2018-03-22 22:23:41 +0100 |
commit | 460cf03d6750cf9fa7e94de9af6fd66a704d6ee5 (patch) | |
tree | 607e005d6a0e3abc638201ecc1df598ebdecdcba | |
parent | e54cb1bbe7500d5271d767a298cefbc85f904e0d (diff) | |
httpd: always forward the 'Authorization' header
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:
"401 Not authorized: JWT token not provided"
This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.
See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
-rw-r--r-- | .htaccess | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -6,6 +6,10 @@ RewriteEngine On | |||
6 | # Prevent accessing subdirectories not managed by SCM | 6 | # Prevent accessing subdirectories not managed by SCM |
7 | RewriteRule ^(.git|doxygen|vendor) - [F] | 7 | RewriteRule ^(.git|doxygen|vendor) - [F] |
8 | 8 | ||
9 | # Forward the "Authorization" HTTP header | ||
10 | RewriteCond %{HTTP:Authorization} ^(.*) | ||
11 | RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] | ||
12 | |||
9 | # REST API | 13 | # REST API |
10 | RewriteCond %{REQUEST_FILENAME} !-f | 14 | RewriteCond %{REQUEST_FILENAME} !-f |
11 | RewriteCond %{REQUEST_FILENAME} !-d | 15 | RewriteCond %{REQUEST_FILENAME} !-d |
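Review bot: In the added `RewriteCond %{HTTP:Authorization} ^(.*)`, the pattern also matches an empty string, so the `RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]` that follows sets `HTTP_AUTHORIZATION` on every request, including requests that carry no `Authorization` header, where the variable ends up empty. Consider `^(.+)$` so the variable is set only when the header is actually present, which keeps "header missing" and "header empty" distinguishable for the JWT check. The new block also sits above the `# REST API` rules and is not scoped to them, so it applies to all requests; extending the comment to say it is needed only on CGI/FastCGI setups, and that `CGIPassAuth` is the alternative named in the commit message, would help whoever maintains this file.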