diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2018-03-22 22:23:41 +0100 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2018-03-25 19:41:44 +0200 |
| commit | d1e8f152f6a3e7ed5df0ec7f9261d475a777d28a (patch) | |
| tree | f26fc483c77b6fbd24c4e2e063f5378d5901bc5c /doc/md/Unit-tests.md | |
| parent | 4c2f51256f2c914a10c0c7aa59311c5862d2a480 (diff) | |
| download | Shaarli-d1e8f152f6a3e7ed5df0ec7f9261d475a777d28a.tar.gz Shaarli-d1e8f152f6a3e7ed5df0ec7f9261d475a777d28a.tar.zst Shaarli-d1e8f152f6a3e7ed5df0ec7f9261d475a777d28a.zip | |
httpd: always forward the 'Authorization' header
On some Apache HTTPD setups where the CGI/FastCGI mode is used, the HTTP header
containing the JWT token is not forwarded, which results in the following error
when attempting to use the REST API:
"401 Not authorized: JWT token not provided"
This patch allows forwarding the 'Authorization' header. An alternative would
be to use the `CGIPassAuth` directive to allow all authorization headers to be
forwarded.
See:
- https://secure.php.net/manual/en/features.http-auth.php#114877
- https://stackoverflow.com/questions/26475885/authorization-header-missing-in-php-post-request
- https://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame
- https://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers
- https://httpd.apache.org/docs/2.4/en/mod/core.html#cgipassauth
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
Diffstat (limited to 'doc/md/Unit-tests.md')
0 files changed, 0 insertions, 0 deletions