Bug #50976 Soap headers Authorization not allowed
Submitted: 2010-02-09 17:08 UTC Modified: 2010-05-28 14:18 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: bfrance@php.net Assigned: dmitry
Status: Closed Package: SOAP related
PHP Version: 5.3.1 OS:
Private report: No CVE-ID:
 [2010-02-09 17:08 UTC] bfrance@php.net
Description:
------------
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/soap/php_http.c?r1=266886&r2=266885&pathrev=266886

This patch adds support to add headers into the http context, but doesn't allow the Authorization header for some reason.

I added a patch to our 5.2 build that would add all headers in the http context and removed that patch in 5.3 because I noticed the above patch. Somebody at work is needing to add the Authorization header to get OAuth stuff working, but for some reason it is not allowed.

Here is a patch that will allow the Authorization header:

http://www.brianfrance.com/software/php/soap_http_headers/soap_http_headers.diff

Reproduce code:
---------------
Here is an example script that requires the Authorization when used for the OAuth stuff.

http://www.brianfrance.com/software/php/soap_http_headers/oauthsoapsample.php.txt


 [2010-03-26 01:15 UTC] bfrance@php.net
I am removing oauthsoapsample.php.txt as there was bad code in that and mail asked me to remove it.

I have added:

http://www.brianfrance.com/software/php/soap_http_headers/phpsample.zip

which has multiple scripts that show the problem.
 [2010-04-18 15:44 UTC] reigo at reinmets dot ee
I've been looking everywhere to find a fix for this.. Thank you very much.

My problem being, that I have a b2b application where the other end is saying:
HTTP: Cannot process the message because the content type 'text/xml; charset=utf-8' was not the expected type 'application/soap+xml; charset=utf-8'.

And of course the ability to change it on the PHP side.. oh right, no ability :(
 [2010-05-28 14:18 UTC] dmitry@php.net
Automatic comment from SVN on behalf of dmitry
Revision: http://svn.php.net/viewvc/?view=revision&revision=299903
Log: Fixed bug #50976 (Soap headers Authorization not allowed)
 [2010-05-28 14:18 UTC] dmitry@php.net
-Status: Assigned +Status: Closed
 [2010-05-28 14:18 UTC] dmitry@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-07-09 16:17 UTC] henri at asseily dot com
It's good that the authorization header is not silently discarded any more, but 
that solution in the snapshot is suboptimal at best.
It requires the auth header to be set in the context, when instead a simple 
'authorization' parameter in the constructor could allow the user to pass in 
anything, including custom-built or cached auth headers such as the OAuth header.
 
Last updated: Sun Apr 20 19:01:51 2014 UTC