Symfony 2.3 getRequest()->headers not showing Authorization Bearer Token
Solution 1
It is most likely stripped by Apache. Bearer
is not a known scheme, it is sort of proprietary.
Therefore, either you use a custom header, like X-Bearer-Token: 123456789
or you can try to add this rewrite condition in your .htaccess
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
Solution 2
Symfony is using php global variable $_SERVER
to create Request->headers
variable, but $_SERVER
does not contain all headers. For getting all headers you have to use php native function getallheaders()
more info: http://php.net/manual/en/function.getallheaders.php
Solution 3
There seems to be a disconnect here between the question and the accepted answer. If the Authorization header is available to PHP's getallheaders() then Apache clearly isn't stripping it. I'd guess that the problem is related to the use of Symfony. $this->getRequest()->headers doesn't return an object containing headers, it returns a HeaderBag. Assuming the header is visible to getallheaders(), this works:
$this->getRequest()->headers->all();
Or more specifically:
$this->getRequest()->headers->get('Authorization');
Solution 4
seems like the apache mod_php "eats" the authorization header.
this worked for me:
if (!$request->headers->has('Authorization') && function_exists('apache_request_headers')) {
$all = apache_request_headers();
if (isset($all['Authorization'])) {
$request->headers->set('Authorization', $all['Authorization']);
}
}
Related videos on Youtube
Pathsofdesign
Updated on August 31, 2022Comments
-
Pathsofdesign over 1 year
I am passing an Authorization: Bearer { Token } as a HTTP request to my Symfony Rest Controller.
My Request:
GET /app_dev.php/api/members HTTP/1.1 Host: localhost Authorization: Bearer 123456789 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded
Inside My controller:
$this->getRequest()->headers;
For some reason when I use Symfony's Request method the Authorization header isn't available to my controller. When I use PHP's getallheaders() the Authorization header shows up as expected. Any Ideas on why Symfony isn't seeing it?
Thanks
-
Pathsofdesign over 10 yearsIf Apache is stripping 'Authorization' is there a reason why I can access it via raw PHP and not Symfony? I also tried the RewriteConds, no success.
-
Pathsofdesign over 10 yearsSorry, I placed the Rewrite conditions at the bottom of .htaccess with no results, but when I placed the code at the top of .htaccess it does work. Thanks for your help.
-
Caleb Fidecaro almost 10 yearsAre you able to add a bit of explaination about 1. why it's visible to PHP's getallheaders() and 2. why this rewrite rule works?
-
ekouChiq over 7 yearsIs there any other way, without doing the
rewrite condition in your .htaccess
. I'm confused because, some clients such as Android,iOS, Web clients/devices are working properly without the need for rewrite condition. But when using Android-React-Native, the problem exist.