|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67883 OAuthProvider misses authorization header on Apache+FastCGI
Submitted: 2014-08-21 19:24 UTC Modified: 2014-10-06 21:16 UTC
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: Assigned:
Status: Open Package: oauth (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-08-21 19:24 UTC]
OAuthProvider extracts oauth data from the Authorization header which is available in $_SERVER['HTTP_AUTHORIZATION'].
This fails on apache with FastCGI because that header does not exist there.

It is common to use rewrite rules like
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
to pass the authorization header to the FastCGI process, but it will be prefixed with REDIRECT_:

pecl/oauth should try to read from this variable in its oauthprovider::__construct method as fallback.

Currently I have to manually parse that header and pass the oauth parameters as array to the constructor. But duplicating that functionality in userland isn't really nice.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-21 19:31 UTC]
Makes sense to me. It's a relatively minor change as well, anyone have any objections?
 [2014-08-21 23:48 UTC]
That's Apache sadness for you ;-)

I'm fine with having that added as the fallback.

Btw, how about that release tag? ^_^
 [2014-08-22 00:54 UTC]
Cool, I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 00:55 UTC]
I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 03:57 UTC]
Automatic comment from SVN on behalf of jawed
Log: Bug 67883, prep for 1.2.4
 [2014-08-22 03:57 UTC]
Fixed in SVN, can you please check/review?
 [2014-08-22 06:53 UTC]
Sorry, but it does not work here. I get a "Missing required parameters" exception.
 [2014-10-06 21:16 UTC]
Could it be that the header mapping that .htaccess creates is pushed over to the cgi process in a different way?
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Jul 15 18:01:29 2024 UTC