aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--.htaccess4
-rw-r--r--application/api/ApiMiddleware.php8
2 files changed, 10 insertions, 2 deletions
diff --git a/.htaccess b/.htaccess
index af2dc5a7..25fcfb03 100644
--- a/.htaccess
+++ b/.htaccess
@@ -10,8 +10,12 @@ RewriteRule ^(.git|doxygen|vendor) - [F]
10# fixes JWT token not correctly forwarded on some Apache/FastCGI setups 10# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
11RewriteCond %{HTTP:Authorization} ^(.*) 11RewriteCond %{HTTP:Authorization} ^(.*)
12RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] 12RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
13# Alternative (if the 2 lines above don't work)
14# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
13 15
14# REST API 16# REST API
17# Ionos Hosting needs RewriteBase /
18# RewriteBase /
15RewriteCond %{REQUEST_FILENAME} !-f 19RewriteCond %{REQUEST_FILENAME} !-f
16RewriteCond %{REQUEST_FILENAME} !-d 20RewriteCond %{REQUEST_FILENAME} !-d
17RewriteRule ^ index.php [QSA,L] 21RewriteRule ^ index.php [QSA,L]
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 09ce6445..da730e0c 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -107,7 +107,7 @@ class ApiMiddleware
107 */ 107 */
108 protected function checkToken($request) 108 protected function checkToken($request)
109 { 109 {
110 if (! $request->hasHeader('Authorization')) { 110 if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
111 throw new ApiAuthorizationException('JWT token not provided'); 111 throw new ApiAuthorizationException('JWT token not provided');
112 } 112 }
113 113
@@ -115,7 +115,11 @@ class ApiMiddleware
115 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); 115 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
116 } 116 }
117 117
118 $authorization = $request->getHeaderLine('Authorization'); 118 if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
119 $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
120 } else {
121 $authorization = $request->getHeaderLine('Authorization');
122 }
119 123
120 if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { 124 if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
121 throw new ApiAuthorizationException('Invalid JWT header'); 125 throw new ApiAuthorizationException('Invalid JWT header');