php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67883 OAuthProvider misses authorization header on Apache+FastCGI
Submitted: 2014-08-21 19:24 UTC Modified: 2014-10-06 21:16 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: cweiske@php.net Assigned:
Status: Open Package: oauth (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Have you experienced this issue?
Rate the importance of this bug to you:

 [2014-08-21 19:24 UTC] cweiske@php.net 
Description:
------------
OAuthProvider extracts oauth data from the Authorization header which is available in $_SERVER['HTTP_AUTHORIZATION'].
This fails on apache with FastCGI because that header does not exist there.

It is common to use rewrite rules like
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
to pass the authorization header to the FastCGI process, but it will be prefixed with REDIRECT_:
> REDIRECT_HTTP_AUTHORIZATION

pecl/oauth should try to read from this variable in its oauthprovider::__construct method as fallback.

Currently I have to manually parse that header and pass the oauth parameters as array to the constructor. But duplicating that functionality in userland isn't really nice.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-21 19:31 UTC] jawed@php.net 
Makes sense to me. It's a relatively minor change as well, anyone have any objections?
 [2014-08-21 23:48 UTC] datibbaw@php.net 
That's Apache sadness for you ;-)

I'm fine with having that added as the fallback.

Btw, how about that release tag? ^_^
 [2014-08-22 00:54 UTC] jawed@php.net 
Cool, I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 00:55 UTC] jawed@php.net 
I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 03:57 UTC] jawed@php.net 
Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&revision=334579
Log: Bug 67883, prep for 1.2.4
 [2014-08-22 03:57 UTC] jawed@php.net 
Fixed in SVN, can you please check/review?
 [2014-08-22 06:53 UTC] cweiske@php.net 
Sorry, but it does not work here. I get a "Missing required parameters" exception.
 [2014-10-06 21:16 UTC] cweiske@php.net 
Could it be that the header mapping that .htaccess creates is pushed over to the cgi process in a different way?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 27 06:01:30 2024 UTC