From 676571dab927b0fb9b3746c36f0d7540e8dba2b5 Mon Sep 17 00:00:00 2001
From: Christoph Stoettner <christoph.stoettner@stoeps.de>
Date: Tue, 29 Sep 2020 12:15:04 +0200
Subject: Workaround for hoster (ionos)

The hoster writes the environment variable with bearer token to
REDIRECT_HTTP_AUTHORIZATION and needs to provide RewriteBase / to
.htaccess
---
 application/api/ApiMiddleware.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'application/api')

diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 09ce6445..da730e0c 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -107,7 +107,7 @@ class ApiMiddleware
      */
     protected function checkToken($request)
     {
-        if (! $request->hasHeader('Authorization')) {
+        if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
             throw new ApiAuthorizationException('JWT token not provided');
         }
 
@@ -115,7 +115,11 @@ class ApiMiddleware
             throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
         }
 
-        $authorization = $request->getHeaderLine('Authorization');
+	if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+	    $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+	} else {
+            $authorization = $request->getHeaderLine('Authorization');
+	}
 
         if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
             throw new ApiAuthorizationException('Invalid JWT header');
-- 
cgit v1.2.3