Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP_AUTHORIZATION is called REDIRECT_HTTP_AUTHORIZATION on some server configurations #47

Open
panic175 opened this issue Dec 5, 2014 · 2 comments
Open

HTTP_AUTHORIZATION is called REDIRECT_HTTP_AUTHORIZATION on some server configurations #47

panic175 opened this issue Dec 5, 2014 · 2 comments
Labels
Discussion

Comments

@panic175
Copy link

panic175 commented Dec 5, 2014

The prefix is present on some configurations of PHP with FastCGI. So I guess OAuth1 should check for both.
See here: WP-API/api-console#1 (comment)
@joehoyle
Copy link
Member

Hmm I'm not sure if this is any official header and therefore should be included, I'm leaning towards no, but let's open this for discussion.

@fatica
Copy link

fatica commented Dec 30, 2016

I'd like to mention that we see this regularly.

Where REDIRECT_HTTP_AUTHORIZATION is present, but HTTP_AUTHORIZATION is not.

I understand this occurs when PHP is running in FastCGI mode and the HTTP_AUTHORIZATION is set via SetEnv or .htaccess directives such as

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}

FWIW the same issue occurs in the Wordpress Basic Auth plugin.

We've handled this as described in this article:
https://www.metalocator.com/wp-json-basic-auth-with-fastcgi/

@discordier discordier mentioned this issue Aug 28, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joehoyle @fatica @panic175