Missing Authorization Header in request->getHeaders() on MAMP #6631
Comments
|
So |
|
It does return data. But the requested Authorization parameter, which is required in the bearer auth filter, is missing. $authHeader = $request->getHeaders()->get('Authorization'); from: public function authenticate($user, $request, $response)
{
$authHeader = $request->getHeaders()->get('Authorization');
if ($authHeader !== null && preg_match("/^Bearer\\s+(.*?)$/", $authHeader, $matches)) {
$identity = $user->loginByAccessToken($matches[1], get_class($this));
if ($identity === null) {
$this->handleFailure($response);
}
return $identity;
}
return null;
}And as i could see, getHeaders() collects data from the function getallheaders(), i have debuged the output from getallheaders() and could have seen that Authorization parameter is not provided (at least on the mamp server installation). from: public function getHeaders()
{
if ($this->_headers === null) {
$this->_headers = new HeaderCollection;
if (function_exists('getallheaders')) {
$headers = getallheaders();
} elseif (function_exists('http_get_request_headers')) {
$headers = http_get_request_headers();
} else {
foreach ($_SERVER as $name => $value) {
if (strncmp($name, 'HTTP_', 5) === 0) {
$name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
$this->_headers->add($name, $value);
}
}
return $this->_headers;
}
foreach ($headers as $name => $value) {
$this->_headers->add($name, $value);
}
}
return $this->_headers;
} |
|
I think you should consult with MAMP support or google it for solution. This is not Yii-specific issue. |
|
I'll do some research on this issue and post back what i've found. If the problem appears to other people, you could mention it in your guide. |
|
Will wait for research results. Currently it's not clear why it happens and how to fix it. |
|
We have fixed the problem. The problem appears if you'r using CGI/FastCGI mode. As mentioned in the php comments (http://php.net/manual/en/features.http-auth.php#114877) you can put in the .htaccess file to make Authorizaion variable available. |
|
@nadar Two thumbs up for the solution. Inside MAMP Pro for those people using it, you need to switch back to Module Mode Under the PHP Tab, by selecting the Mode radio underneath PHP default version labeled as "Identical PHP version for all hosts (module)" if you choose to not edit the .htacess file. Thank you again for the solution with CGI! |
|
If you are using https://github.com/bshaffer/oauth2-server-php |
|
I am also facing a similar problem in my code. When I am working on my localhost then my code works perfect and i am getting the authorization in my headers varible as all the required headers are there, but issue comes when I hit the API from another origin as I look into the headers "authorization" header is missing in headers variable when I compare it to previous scenario. |
|
@gauravparashar12 Try to add: to your .htaccess file. |
|
@nadar Yes i added in the root .htacces but its not working and when i apply the condition on $authHeader in autheticate function in HttpBearerAuth class its working but i dont know why and how . Hack is : As I am debugging this issue I found the same request is made from angular two time, first without Authorization and second with Authorization. Do you have any idea regarding this? |
|
On which environment are you running your code/application?
|
|
on window 7 config file are getBaseUrl()); $config = [ 'components' => [ 'request' => [ // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation 'cookieValidationKey' => 'z9NT8BJ3dFGhwqyISaHxsGQJWPc04dO_gsdfgsdf', 'baseUrl' => $baseUrl, 'parsers' => [ 'application/json' => 'yii\web\JsonParser', ] ], 'user' => [ 'identityClass' => 'common\models\User', 'enableSession' => false, 'loginUrl' => null, 'enableAutoLogin' => false, 'identityCookie' => [ 'name' => '_frontendUser', // unique for backend 'path'=>'/lbp/frontend/web' // correct path for the backend app. ] ], 'session' => [ 'name' => 'PHPFRONTSESSID', 'savePath' => __DIR__ . '/../tmp', ], 'response' => [ 'class' => 'yii\web\Response', 'on beforeSend' => function ($event) { $response = $event->sender; if ($response->data !== null && Yii::$app->request->get('suppress_response_code')) { $response->data = [ 'success' => $response->isSuccessful, 'data' => $response->data, ]; $response->statusCode = 200; } }, ], 'urlManager' => [ 'class' => 'yii\web\UrlManager', 'baseUrl' => $baseUrl, 'enablePrettyUrl' => true, 'showScriptName' => false, //'enableStrictParsing' => true, 'rules' => [ ['class' => 'yii\rest\UrlRule', 'controller' =>['profile'], 'pluralize'=>false], ], ``` ], 'urlManagerBackEnd' => [ 'class' => 'yii\web\urlManager', 'baseUrl' => '/lbp/backend/web/', 'enablePrettyUrl' => true, 'showScriptName' => false, ], ], 'as access' => [ 'class' => 'mdm\admin\components\AccessControl', 'allowActions' => [ 'home/*', 'api/*', 'events/index', 'events/view', 'news/index', 'news/view', 'post/post-detail', 'categories/view-by-slug', 'pages/*', 'guestbook/*', // The actions listed here will be allowed to everyone including guests. // So, 'admin/*' should not appear here in the production, of course. // But in the earlier stages of your development, you may probably want to // add a lot of actions here until you finally completed setting up rbac, // otherwise you may not even take a first step. ] ] ``` ]; if (!YII_ENV_TEST) { // configuration adjustments for 'dev' environment $config['bootstrap'][] = 'debug'; $config['modules']['debug'] = 'yii\debug\Module'; ``` $config['bootstrap'][] = 'gii'; $config['modules']['gii'] = 'yii\gii\Module'; ``` } return $config; .htaccess file Options -Indexes RewriteEngine on SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 RewriteCond %{REQUEST_URI} !app RewriteCond %{REQUEST_URI} !media RewriteRule ^(.*)$ frontend/web/$1 [L] # Deny accessing below extensions Order allow,deny Deny from all # Deny accessing dot files RewriteRule (^.|/.) - [F] |
|
@gauravparashar12 better send me a mail. We will post the solution back here if its related to the starting topic. |
|
@nadar Your fix worked perfectly for me, thanks! |
|
@nadar Your fix...
worked for me like a charm. +1 to you - saved me lots of headaches I'm sure. Using Godaddy shared hosting with php 5.5. |
|
Thanks @nadar its working... |
|
@nadar |
|
Maybe this works: |
|
Just adding But following this article worked well! https://chrislee.kr/wp/2017/01/06/missing-authroization-header-in-request/ ;) |
|
Tried all the methods you guys provided, but none of them working, then I directly copied yii2 2.0.10's vendor/yiisoft folder to overwrite the currently 2.0.11's vendor/yiisoft , it is working now. It seems 2.0.11's change make Rest API not getting correct access token Tried on 3 Centos 7 servers with nginx, php5/php7 and localhost, all the same result. Do not forget to keep the original vendor/yiisoft/extensions.php or your installed plugins will be missing Hope this will help! |
|
@fangj99 have you tried latest stable version? |
|
Tested with 2.0.13, it seems filsh/yii2-oauth2-server and bshaffer/oauth2-server-php plugin are not compatible with 2.0.13 I have pasted error in below:
exception 'yii\base\ErrorException' with message 'Argument 1 passed to OAuth2\Server::handleTokenRequest() must be an instance of OAuth2\RequestInterface, instance of yii\web\Request given, called in /usr/share/nginx/html/dev-work20171103/vendor/filsh/yii2-oauth2-server/Server.php on line 39 and defined' in /usr/share/nginx/html/dev-work20171103/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php:298
|
not working in my case |
|
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 add this line in .htaccess file and Working fine |
Case:
We are currently building a Yii2 Rest Application, which is access trough an Angular application. We have applied the authToken in a authInterceptor the verify the user who makes the request.
Problem:
The "Authorization Header" is not provided when using Yii2 Rest on a MAMP Server. The function getallheaders() in yii2\web\Request->getHeaders() does not return this Header entry. On an ubuntu server (for instance) it works like a charm, but not on every webserver configuration. Is there a workaround? Although, you should probably mention that in your Guide to use the correct Server Configuration (http://www.yiiframework.com/doc-2.0/guide-rest-authentication.html).
regards
The text was updated successfully, but these errors were encountered: