yii2: Missing Authorization Header in request->getHeaders() on MAMP

Case: We are currently building a Yii2 Rest Application, which is access trough an Angular application. We have applied the authToken in a authInterceptor the verify the user who makes the request.

request : function (config) {
        config.headers = config.headers || {};
        config.headers.Authorization = 'Bearer ' + authToken;
        return config;
    }

Problem: The “Authorization Header” is not provided when using Yii2 Rest on a MAMP Server. The function getallheaders() in yii2\web\Request->getHeaders() does not return this Header entry. On an ubuntu server (for instance) it works like a charm, but not on every webserver configuration. Is there a workaround? Although, you should probably mention that in your Guide to use the correct Server Configuration (http://www.yiiframework.com/doc-2.0/guide-rest-authentication.html).

regards

About this issue

Original URL
State: closed
Created 10 years ago
Comments: 25 (11 by maintainers)

Most upvoted comments

We have fixed the problem. The problem appears if you’r using CGI/FastCGI mode. As mentioned in the php comments (http://php.net/manual/en/features.http-auth.php#114877) you can put

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

in the .htaccess file to make Authorizaion variable available.

+100

nadar on Jan 20, 2015

@gauravparashar12 Try to add:

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

to your .htaccess file.

nadar on Oct 15, 2015

If you are using https://github.com/bshaffer/oauth2-server-php You can also take a look at this comment: https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/Request.php#L138

alagodich on Aug 2, 2015

@nadar Two thumbs up for the solution. Inside MAMP Pro for those people using it, you need to switch back to Module Mode Under the PHP Tab, by selecting the Mode radio underneath PHP default version labeled as “Identical PHP version for all hosts (module)” if you choose to not edit the .htacess file.

Thank you again for the solution with CGI!

woody1ks on Feb 6, 2015

It does return data. But the requested Authorization parameter, which is required in the bearer auth filter, is missing.

$authHeader = $request->getHeaders()->get(‘Authorization’);

from: https://github.com/yiisoft/yii2/blob/master/framework/filters/auth/HttpBearerAuth.php

public function authenticate($user, $request, $response)
    {
        $authHeader = $request->getHeaders()->get('Authorization');
        if ($authHeader !== null && preg_match("/^Bearer\\s+(.*?)$/", $authHeader, $matches)) {
            $identity = $user->loginByAccessToken($matches[1], get_class($this));
            if ($identity === null) {
                $this->handleFailure($response);
            }
            return $identity;
        }
        return null;
    }

And as i could see, getHeaders() collects data from the function getallheaders(), i have debuged the output from getallheaders() and could have seen that Authorization parameter is not provided (at least on the mamp server installation).

from: https://github.com/yiisoft/yii2/blob/master/framework/web/Request.php

 public function getHeaders()
    {
        if ($this->_headers === null) {
            $this->_headers = new HeaderCollection;
            if (function_exists('getallheaders')) {
                $headers = getallheaders();
            } elseif (function_exists('http_get_request_headers')) {
                $headers = http_get_request_headers();
            } else {
                foreach ($_SERVER as $name => $value) {
                    if (strncmp($name, 'HTTP_', 5) === 0) {
                        $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
                        $this->_headers->add($name, $value);
                    }
                }
                return $this->_headers;
            }
            foreach ($headers as $name => $value) {
                $this->_headers->add($name, $value);
            }
        }
        return $this->_headers;
    }

nadar on Dec 23, 2014