PHP :: Bug #67883 :: OAuthProvider misses authorization header on Apache+FastCGI

Bug #67883

OAuthProvider misses authorization header on Apache+FastCGI

Submitted:

2014-08-21 19:24 UTC

Modified:

2014-10-06 21:16 UTC

Votes:	1
Avg. Score:	4.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

cweiske@php.net

Assigned:

Status:

Open

Package:

oauth (PECL)

PHP Version:

Irrelevant

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	cweiske@php.net
New email:
PHP Version:		OS:

New Comment:

[2014-08-21 19:24 UTC] cweiske@php.net

Description:
------------
OAuthProvider extracts oauth data from the Authorization header which is available in $_SERVER['HTTP_AUTHORIZATION'].
This fails on apache with FastCGI because that header does not exist there.

It is common to use rewrite rules like
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
to pass the authorization header to the FastCGI process, but it will be prefixed with REDIRECT_:
> REDIRECT_HTTP_AUTHORIZATION

pecl/oauth should try to read from this variable in its oauthprovider::__construct method as fallback.

Currently I have to manually parse that header and pass the oauth parameters as array to the constructor. But duplicating that functionality in userland isn't really nice.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-08-21 19:31 UTC] jawed@php.net

Makes sense to me. It's a relatively minor change as well, anyone have any objections?

[2014-08-21 23:48 UTC] datibbaw@php.net

That's Apache sadness for you ;-)

I'm fine with having that added as the fallback.

Btw, how about that release tag? ^_^

[2014-08-22 00:54 UTC] jawed@php.net

Cool, I figure we better let cweiske's test harness have its way before creating that tag :-)

[2014-08-22 00:55 UTC] jawed@php.net

I figure we better let cweiske's test harness have its way before creating that tag :-)

[2014-08-22 03:57 UTC] jawed@php.net

Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=334579
Log: Bug 67883, prep for 1.2.4

[2014-08-22 03:57 UTC] jawed@php.net

Fixed in SVN, can you please check/review?

[2014-08-22 06:53 UTC] cweiske@php.net

Sorry, but it does not work here. I get a "Missing required parameters" exception.

[2014-10-06 21:16 UTC] cweiske@php.net

Could it be that the header mapping that .htaccess creates is pushed over to the cgi process in a different way?

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Nov 22 04:01:28 2024 UTC