Skip to content

Commit

Permalink
fix #2783 CGIモードでJWT認証が可能になるようにしたい
Browse files Browse the repository at this point in the history
  • Loading branch information
ゴンドー committed Oct 5, 2023
1 parent 68c90e6 commit e9276f7
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 1 deletion.
9 changes: 9 additions & 0 deletions plugins/baser-core/src/Middleware/BcRequestFilterMiddleware.php
View file
Expand Up @@ -52,6 +52,15 @@ public function process(
return new Response();
}

/**
* CGIモード等PHPでJWT認証で必要なAuthorizationヘッダーが取得出来ないできない場合、REDIRECT_HTTP_AUTHORIZATION環境変数より取得する
* .htaccess等に下記を記載することで動作可能とする
* SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
*/
if (empty($request->getHeader('Authorization')) && $request->getEnv('REDIRECT_HTTP_AUTHORIZATION')) {
$request = $request->withHeader('Authorization', $request->getEnv('REDIRECT_HTTP_AUTHORIZATION'));
}

if(BcUtil::isInstalled()) $this->redirectIfIsDeviceFile($request, $handler);

return $handler->handle($request);
Expand Down
2 changes: 1 addition & 1 deletion plugins/baser-core/src/Plugin.php
View file
Expand Up @@ -280,9 +280,9 @@ public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
{
$middlewareQueue
->insertBefore(CsrfProtectionMiddleware::class, new AuthenticationMiddleware($this))
->insertBefore(AuthenticationMiddleware::class, new BcRequestFilterMiddleware($this))
->add(new BcAdminMiddleware())
->add(new BcFrontMiddleware())
->add(new BcRequestFilterMiddleware())
->add(new BcRedirectSubSiteFilter());

// APIへのアクセスの場合、セッションによる認証以外は、CSRFを利用しない設定とする
Expand Down

0 comments on commit e9276f7

Please sign in to comment.