PHP POST 请求中缺少授权标头 [英] Authorization header missing in PHP POST request

问题描述

我目前正在尝试读取我通过 POST 请求调用的 PHP 脚本中的授权标头.Authorization 标头中填充了一个令牌.似乎授权标头在到达我的 PHP 脚本之前以某种方式被删除.我正在使用 Postman(Chrome 插件)执行发布请求，并在我的 PHP 脚本中启用了 CORS.我无法直接访问 apache 服务器.

I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script. I'm executing the post request with Postman (Chrome addon) and I enabled CORS in my PHP script. I don't have access to the apache server directly.

HTTP 请求:

Accept:*/*
Accept-Encoding:gzip,deflate
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,ja;q=0.2
Authorization:Bearer mytoken
Cache-Control:no-cache
Connection:keep-alive
Content-Length:32
Content-Type:text/plain;charset=UTF-8
Host:www.myhost.com
Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)       
 Chrome/38.0.2125.104 Safari/537.36

PHP 脚本:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type,      Accept");
header("Content-Type: application/json");

$headers = getallheaders();
echo $headers['Authorization'];

上面的脚本输出''(=没有).

The above script outputs '' (= nothing).

推荐答案

经过一段时间后，找到了解决此问题的方法.不知何故，Authorization 标头被剥离了.通过在我的 .htaccess 中添加以下几行，我能够让它工作.

After quite some time a found a solution to this problem. Somehow the Authorization header was stripped away. By adding the following lines in my .htaccess, I was able to get it to work.

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

这篇关于PHP POST 请求中缺少授权标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！