HTTP_AUTHORIZATION not being passed to PHP $_SERVER variable

[dur41d]

Describe the bug
After installing the api on Apache/CGI PHP on my host I found that the Authorization header is not being passed to PHP $_SERVER variable can causing the authentication to fail.

To Reproduce
Steps to reproduce the behavior:

1. Install the API on Apache/CGI PHP setup. I used https://www.nearlyfreespeech.net host.
2. create a php page that has var_dump($_SERVER);
3. Issue a request with Authorization: Bearer in the request header
4. Note that the response will not contain the Authorization header.

Expected behavior
The response contains the Authorization header value under "HTTP_Authorization".

PHP info

PHP Version 7.2.9-nfsn1

System	FreeBSD maakom.nfshost.com 11.2-RELEASE-p2 FreeBSD 11.2-RELEASE-p2 #2 r337888M: Thu Aug 16 08:14:33 UTC 2018 root@x7:/usr/obj/usr/src/sys/NFSN64 amd64
Build Date	Aug 20 2018 18:42:21
Configure Command	'./configure' '--prefix=/usr/local/php/7.2.9-nfsn1' '--includedir=/usr/local/php/7.2.9-nfsn1/include/' '--libdir=/usr/local/php/7.2.9-nfsn1' '--libexecdir=/usr/local/php/7.2.9-nfsn1/libexec/' '--mandir=/usr/local/php/7.2.9-nfsn1/man/' '--with-config-file-path=/usr/local/php/7.2.9-nfsn1/etc/' '--disable-all' '--with-openssl' '--disable-cli' '--disable-phpdbg' '--disable-cgi' '--enable-null=shared' '--enable-libxml' '--enable-xml' '--enable-simplexml' '--enable-pdo' '--enable-hash' '--with-pdo-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pcre-regex=/usr/local' '--with-pear=/usr/local/php/lib' '--with-password-argon2'
Server API	NearlyFreeSpeech.NET PHP SAPI
Virtual Directory Support	disabled
Configuration File (php.ini) Path	/usr/local/php/7.2.9-nfsn1/etc/
Loaded Configuration File	/usr/local/php/7.2.9-nfsn1/etc/php.ini
Scan this dir for additional .ini files	(none)
Additional .ini files parsed	(none)
PHP API	20170718
PHP Extension	20170718
Zend Extension	320170718
Zend Extension Build	API320170718,NTS
PHP Extension Build	API20170718,NTS
Debug Build	no
Thread Safety	disabled
Zend Signal Handling	enabled
Zend Memory Manager	enabled
Zend Multibyte Support	provided by mbstring
IPv6 Support	enabled
DTrace Support	disabled
Registered PHP Streams	https, ftps, php, file, glob, data, http, ftp, compress.bzip2, compress.zlib, zip, phar
Registered Stream Socket Transports	tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
Registered Stream Filters	string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, dechunk, bzip2., convert.iconv., zlib.

[wellingguzman]

I haven't been able to reproduce this issue.

I tried @dur41d server and the header is definitely removed. When the HTTP_AUTHORIZATION header has a basic or digest method it fills the PHP_AUTH_USER and PHP_AUTH_PW variables, which means it can reads the HTTP_AUTHORIZATION, but as soon as this value is not "valid" it doesn't show up in the $_SERVER list.

The PHP Server API is declared as NearlyFreeSpeech.NET PHP SAPI and the version as 7.2.9-nfsn1. I don't know if this just a simple name on their service or if this php version has been altered by the hosting provider.

Any information that helps us find the root of this issue would be highly appreciated.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[benhaynes]

Hey @dur41d — I'd love to get this one resolved for you, but we need a bit more info to reproduce it. Thank you for such a detailed initial report... let us know if there's anything else we can do to replicate... otherwise I'll let StaleBot do its thing.

[wellingguzman]

I reopened it, but I will close this again. There was no way for us to reproduce and I will be glad to solve this. As this is most likely a web server issue related. We will keep it closed.

[dur41d]

I agree. It's safe to close it since nobody else had this issue.