[DX] Better apache authorization header "bug" handling #25
Comments
slashfan
changed the title
|
Oops, just realized that the |
|
I found this one : http://stackoverflow.com/questions/17018586/apache-2-4-php-fpm-and-authorization-headers Basically, i would say that updating your .htaccess in your own project dir seems fine enough. If you use a virtualhost without .htaccess, then you are capable enough to add this to your virtualhost config. Adding the listener is a nice approach, but only helps on apache mod-php and i would not want it to run on all other servers. So maybe just add a link to that listener for another approach to the docs, but leave it to the developer to pick one of the approaches. |
|
I think you're right, I'll add your link to the doc for apache-fpm users. |
|
Another, even easier solution in many cases is to simply add |
As mentionned by @arendjantetteroo in a precedent issue #23, Apache server will strip any
Authorization headernot in a valid HTTP BASIC AUTH format, causing the bundle to be useless in "header mode".To work around the problem, 3 main approches exists :
apache_request_headersphp function to retrieve the original header (description here)For now I have documented the first solution, but it might not be the most DX-friendly. Adding the logic to extract the original header inside the AuthorizationHeaderTokenExtractor might be simpler for newcomers.
Does anybody have an opinion on this one ? Thanks !
The text was updated successfully, but these errors were encountered: