Apache可以阻止承载身份验证标头吗? [英] Can apache prevent bearer authentication header?
问题描述
我正在使用不赞成使用的oauth2项目测试lumen 5.3.有一个使用代理并在服务器上隐藏客户端ID和机密的教程.
I am testing lumen 5.3 with a deprecated oauth2 project. There is a tutorial using proxy and hiding client ID and secret on the server .
流明没有护照,所以我必须使用这个包裹.
Lumen does not has passport ported so I have to use this package.
无论如何.我设法走得足够远,可以从服务器获取令牌.
Anyway. I managed to go far enough to get the token from server.
但是我的Authentication标头已被Lumen忽略.
But my Authentication header has been ignored by Lumen.
身份验证标头在哪里?我确定发送.
Where is the Authentication header? I send it for sure.
所以我现在想知道,是阿帕奇吗?需要一些模块吗?对于这种承载身份验证?
So I wonder now , is it apache ? Some module is needed? For this Bearer Authentication?
推荐答案
Apache2默认"执行此操作!
将此添加到您的.htaccess文件中即可解决此问题.
Add this into your .htaccess to solve this.
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
请参阅:
https://github.com/tymondesigns/jwt-auth/issues/262
这篇关于Apache可以阻止承载身份验证标头吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!