php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #50976 Soap headers Authorization not allowed
Submitted: 2010-02-09 17:08 UTC Modified: 2010-05-28 14:18 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: bfrance@php.net Assigned: dmitry (profile)
Status: Closed Package: SOAP related
PHP Version: 5.3.1 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bfrance@php.net
New email:
PHP Version: OS:

 

 [2010-02-09 17:08 UTC] bfrance@php.net 
Description:
------------
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/soap/php_http.c?r1=266886&r2=266885&pathrev=266886

This patch adds support to add headers into the http context, but doesn't allow the Authorization header for some reason.

I added a patch to our 5.2 build that would add all headers in the http context and remove that patch in 5.3 because I noticed the above patch.  Somebody at work is needing to add Authorization header to get OAuth stuff working, but for some reason it is not allowed.

Here is a patch that will allow the Authorization header:

http://www.brianfrance.com/software/php/soap_http_headers/soap_http_headers.diff

Reproduce code:
---------------
Here is an example script that requires the Authorization when used for the OAuth stuff.

http://www.brianfrance.com/software/php/soap_http_headers/oauthsoapsample.php.txt

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-03-26 01:15 UTC] bfrance@php.net 
I am removing oauthsoapsample.php.txt as there was bad code in that and mail asked me to remove it.

I have added:

http://www.brianfrance.com/software/php/soap_http_headers/phpsample.zip

which has multiple scripts that show the problem.
 [2010-04-18 15:44 UTC] reigo at reinmets dot ee 
I've  been looking everywhere to find a fix for this.. Thank you very much. 

My problem being, that i have a b2b application where the other end is saying:
HTTP: Cannot process the message because the content type 'text/xml; charset=utf-
8' was not the expected type 'application/soap+xml; charset=utf-8'.

And ofcourse the ability to change it in PHP side.. of right, no ability :(
 [2010-05-28 14:18 UTC] dmitry@php.net 
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=299903
Log: Fixed bug #50976 (Soap headers Authorization not allowed)
 [2010-05-28 14:18 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2010-05-28 14:18 UTC] dmitry@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 [2010-07-09 16:17 UTC] henri at asseily dot com 
It's good that the authorization header is not silently discarded any more, but 
that solution in the snapshot is suboptimal at best.
It requires the auth header to be set in the context, when instead a simple 
'authorization' parameter in the constructor could allow the user to pass in 
anything, including custom-built or cached auth headers such as the OAuth header.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 13:01:29 2024 UTC