php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67883 OAuthProvider misses authorization header on Apache+FastCGI
Submitted: 2014-08-21 19:24 UTC Modified: 2014-10-06 21:16 UTC
From: cweiske@php.net Assigned:
Status: Open Package: oauth (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cweiske@php.net
New email:
PHP Version: OS:

 

 [2014-08-21 19:24 UTC] cweiske@php.net
Description:
------------
OAuthProvider extracts oauth data from the Authorization header which is available in $_SERVER['HTTP_AUTHORIZATION'].
This fails on apache with FastCGI because that header does not exist there.

It is common to use rewrite rules like
> RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
to pass the authorization header to the FastCGI process, but it will be prefixed with REDIRECT_:
> REDIRECT_HTTP_AUTHORIZATION

pecl/oauth should try to read from this variable in its oauthprovider::__construct method as fallback.

Currently I have to manually parse that header and pass the oauth parameters as array to the constructor. But duplicating that functionality in userland isn't really nice.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-21 19:31 UTC] jawed@php.net
Makes sense to me. It's a relatively minor change as well, anyone have any objections?
 [2014-08-21 23:48 UTC] datibbaw@php.net
That's Apache sadness for you ;-)

I'm fine with having that added as the fallback.

Btw, how about that release tag? ^_^
 [2014-08-22 00:54 UTC] jawed@php.net
Cool, I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 00:55 UTC] jawed@php.net
I figure we better let cweiske's test harness have its way before creating that tag :-)
 [2014-08-22 03:57 UTC] jawed@php.net
Automatic comment from SVN on behalf of jawed
Revision: http://svn.php.net/viewvc/?view=revision&revision=334579
Log: Bug 67883, prep for 1.2.4
 [2014-08-22 03:57 UTC] jawed@php.net
Fixed in SVN, can you please check/review?
 [2014-08-22 06:53 UTC] cweiske@php.net
Sorry, but it does not work here. I get a "Missing required parameters" exception.
 [2014-10-06 21:16 UTC] cweiske@php.net
Could it be that the header mapping that .htaccess creates is pushed over to the cgi process in a different way?
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Dec 07 09:01:24 2019 UTC