|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50976 Soap headers Authorization not allowed
Submitted: 2010-02-09 17:08 UTC Modified: 2010-05-28 14:18 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Assigned: dmitry (profile)
Status: Closed Package: SOAP related
PHP Version: 5.3.1 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
New email:
PHP Version: OS:


 [2010-02-09 17:08 UTC]

This patch adds support to add headers into the http context, but doesn't allow the Authorization header for some reason.

I added a patch to our 5.2 build that would add all headers in the http context and remove that patch in 5.3 because I noticed the above patch.  Somebody at work is needing to add Authorization header to get OAuth stuff working, but for some reason it is not allowed.

Here is a patch that will allow the Authorization header:

Reproduce code:
Here is an example script that requires the Authorization when used for the OAuth stuff.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-03-26 01:15 UTC]
I am removing oauthsoapsample.php.txt as there was bad code in that and mail asked me to remove it.

I have added:

which has multiple scripts that show the problem.
 [2010-04-18 15:44 UTC] reigo at reinmets dot ee
I've  been looking everywhere to find a fix for this.. Thank you very much. 

My problem being, that i have a b2b application where the other end is saying:
HTTP: Cannot process the message because the content type 'text/xml; charset=utf-
8' was not the expected type 'application/soap+xml; charset=utf-8'.

And ofcourse the ability to change it in PHP side.. of right, no ability :(
 [2010-05-28 14:18 UTC]
Automatic comment from SVN on behalf of dmitry
Log: Fixed bug #50976 (Soap headers Authorization not allowed)
 [2010-05-28 14:18 UTC]
-Status: Assigned +Status: Closed
 [2010-05-28 14:18 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2010-07-09 16:17 UTC] henri at asseily dot com
It's good that the authorization header is not silently discarded any more, but 
that solution in the snapshot is suboptimal at best.
It requires the auth header to be set in the context, when instead a simple 
'authorization' parameter in the constructor could allow the user to pass in 
anything, including custom-built or cached auth headers such as the OAuth header.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jun 13 20:01:31 2024 UTC