From 676571dab927b0fb9b3746c36f0d7540e8dba2b5 Mon Sep 17 00:00:00 2001 From: Christoph Stoettner Date: Tue, 29 Sep 2020 12:15:04 +0200 Subject: Workaround for hoster (ionos) The hoster writes the environment variable with bearer token to REDIRECT_HTTP_AUTHORIZATION and needs to provide RewriteBase / to .htaccess --- application/api/ApiMiddleware.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'application') diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 09ce6445..da730e0c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -107,7 +107,7 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization')) { + if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { throw new ApiAuthorizationException('JWT token not provided'); } @@ -115,7 +115,11 @@ class ApiMiddleware throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - $authorization = $request->getHeaderLine('Authorization'); + if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + } else { + $authorization = $request->getHeaderLine('Authorization'); + } if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { throw new ApiAuthorizationException('Invalid JWT header'); -- cgit v1.2.3