Switch to X-Authorization HTTP header between JS and proxy for better compatibility

Author: Pat Patterson

forcetk.js

@@ -72,14 +72,17 @@ if (forcetk.Client === undefined) {
             if (location.protocol === 'file:'){
                 // In PhoneGap
                 this.proxy_url = null;
+                this.authzHeader = null;
             } else {
                 // In Visualforce
                 this.proxy_url = location.protocol + "//" + location.hostname
                 + "/services/proxy";
+                this.authzHeader = "Authorization";
             }
         } else {
             // On a server outside VF
             this.proxy_url = proxyUrl;
+            this.authzHeader = "X-Authorization";
         }
     }
 
@@ -92,8 +95,8 @@ if (forcetk.Client === undefined) {
      * @param [payload=null] payload for POST/PATCH etc
      */
     forcetk.Client.prototype.ajax = function(path, callback, error, method, payload) {
+        var that = this;
         var url = this.instance_url + '/services/data' + path;
-        var sessionId = this.sessionId;
 
         $j.ajax({
             type: (typeof method === 'undefined' || method == null) 
@@ -107,10 +110,10 @@ if (forcetk.Client === undefined) {
             error: error,
             dataType: "json",
             beforeSend: function(xhr) {
-                if (this.proxy_url !== null) {
+                if (that.proxy_url !== null) {
                     xhr.setRequestHeader('SalesforceProxy-Endpoint', url);
                 }
-                xhr.setRequestHeader("Authorization", "OAuth " + sessionId);
+                xhr.setRequestHeader(that.authzHeader, "OAuth " + that.sessionId);
             }
         });
     }

proxy.php

@@ -174,7 +174,7 @@
 $url_query_param = null; // 'url'
 $url_header = 'HTTP_SALESFORCEPROXY_ENDPOINT';
 
-$authz_header = 'AUTHORIZATION';
+$authz_header = 'HTTP_X_AUTHORIZATION';
 
 $return_all_headers = true;
 
@@ -186,22 +186,10 @@
 
 $status = array();
 
-// Get the full collection of HTTP headers - start with $_SERVER...
-$request_headers = $_SERVER;
-
-// ...and add anything in apache_request_headers() that's not already there
-foreach(apache_request_headers() as $key=>$value) {
-	$key = str_replace(" ","_",strtoupper(str_replace("-"," ",$key)));
-	if ((! array_key_exists($key, $request_headers)) 
-	  && (! array_key_exists('HTTP_'.$key, $request_headers))) {
-		$request_headers[$key]=urldecode($value);
-	}
-}
-
 if ( $url_query_param != null ) {
 	$url = $_GET[$url_query_param];
 } else if ( $url_header != null ) {
-	$url = $request_headers[$url_header];
+	$url = $_SERVER[$url_header];
 } else {
 	$url = null;
 }
@@ -260,13 +248,13 @@
   }
 
   $headers = array();
-  if ( isset($authz_header) && isset($request_headers[$authz_header]) ) {
+  if ( isset($authz_header) && isset($_SERVER[$authz_header]) ) {
     // Set the Authorization header
-    array_push($headers, "Authorization: ".$request_headers[$authz_header] );
+    array_push($headers, "Authorization: ".$_SERVER[$authz_header] );
   }
-  if ( isset($request_headers['CONTENT_TYPE']) ) {
+  if ( isset($_SERVER['CONTENT_TYPE']) ) {
 	// Pass through the Content-Type header
-	array_push($headers, "Content-Type: ".$request_headers['CONTENT_TYPE'] );
+	array_push($headers, "Content-Type: ".$_SERVER['CONTENT_TYPE'] );
   }	
   if ( count($headers) > 0 ) {
 	curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );