PHP :: Bug #67883 :: OAuthProvider misses authorization header on Apache+FastCGI

Bug #67883

OAuthProvider misses authorization header on Apache+FastCGI

Submitted:

2014-08-21 19:24 UTC

Modified:

2014-10-06 21:16 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cweiske@php.net

Assigned:

Status:

Open

Package:

oauth (PECL)

PHP Version:

Irrelevant

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	cweiske@php.net
New email:
PHP Version:		OS:

New/Additional Comment:

[2014-08-21 19:24 UTC] cweiske@php.net

Description:
------------
OAuthProvider extracts oauth data from the Authorization header which is available in $_SERVER['HTTP_AUTHORIZATION'].
This fails on apache with FastCGI because that header does not exist there.

It is common to use rewrite rules like
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
to pass the authorization header to the FastCGI process, but it will be prefixed with REDIRECT_:
> REDIRECT_HTTP_AUTHORIZATION

pecl/oauth should try to read from this variable in its oauthprovider::__construct method as fallback.

Currently I have to manually parse that header and pass the oauth parameters as array to the constructor. But duplicating that functionality in userland isn't really nice.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-08-21 19:31 UTC] jawed@php.net

Makes sense to me. It's a relatively minor change as well, anyone have any objections?

[2014-08-21 23:48 UTC] datibbaw@php.net

That's Apache sadness for you ;-)

I'm fine with having that added as the fallback.

Btw, how about that release tag? ^_^

[2014-08-22 00:54 UTC] jawed@php.net

Cool, I figure we better let cweiske's test harness have its way before creating that tag :-)

[2014-08-22 00:55 UTC] jawed@php.net

I figure we better let cweiske's test harness have its way before creating that tag :-)

[2014-08-22 03:57 UTC] jawed@php.net

Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=334579
Log: Bug 67883, prep for 1.2.4

[2014-08-22 03:57 UTC] jawed@php.net

Fixed in SVN, can you please check/review?

[2014-08-22 06:53 UTC] cweiske@php.net

Sorry, but it does not work here. I get a "Missing required parameters" exception.

[2014-10-06 21:16 UTC] cweiske@php.net

Could it be that the header mapping that .htaccess creates is pushed over to the cgi process in a different way?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Tue Oct 28 19:00:01 2025 UTC