|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50976 Soap headers Authorization not allowed
Submitted: 2010-02-09 17:08 UTC Modified: 2010-05-28 14:18 UTC
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: Assigned: dmitry (profile)
Status: Closed Package: SOAP related
PHP Version: 5.3.1 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
23 - 20 = ?
Subscribe to this entry?

 [2010-02-09 17:08 UTC]

This patch adds support to add headers into the http context, but doesn't allow the Authorization header for some reason.

I added a patch to our 5.2 build that would add all headers in the http context and remove that patch in 5.3 because I noticed the above patch.  Somebody at work is needing to add Authorization header to get OAuth stuff working, but for some reason it is not allowed.

Here is a patch that will allow the Authorization header:

Reproduce code:
Here is an example script that requires the Authorization when used for the OAuth stuff.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-03-26 01:15 UTC]
I am removing oauthsoapsample.php.txt as there was bad code in that and mail asked me to remove it.

I have added:

which has multiple scripts that show the problem.
 [2010-04-18 15:44 UTC] reigo at reinmets dot ee
I've  been looking everywhere to find a fix for this.. Thank you very much. 

My problem being, that i have a b2b application where the other end is saying:
HTTP: Cannot process the message because the content type 'text/xml; charset=utf-
8' was not the expected type 'application/soap+xml; charset=utf-8'.

And ofcourse the ability to change it in PHP side.. of right, no ability :(
 [2010-05-28 14:18 UTC]
Automatic comment from SVN on behalf of dmitry
Log: Fixed bug #50976 (Soap headers Authorization not allowed)
 [2010-05-28 14:18 UTC]
-Status: Assigned +Status: Closed
 [2010-05-28 14:18 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

 [2010-07-09 16:17 UTC] henri at asseily dot com
It's good that the authorization header is not silently discarded any more, but 
that solution in the snapshot is suboptimal at best.
It requires the auth header to be set in the context, when instead a simple 
'authorization' parameter in the constructor could allow the user to pass in 
anything, including custom-built or cached auth headers such as the OAuth header.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jun 13 20:01:31 2024 UTC