'header' => array(
'Authorization: Bearer ' . $token
),
+ 'ignore_errors' => true,
),
)
);
mpError(
'HTTP/1.0 403 Forbidden',
'forbidden',
- 'Error verifying bearer token'
+ 'Error verifying bearer token: ' . trim($res)
);
}
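Review bot: The new description `'Error verifying bearer token: ' . trim($res)` returns the token endpoint's response body to the caller unbounded and unfiltered, and with `'ignore_errors' => true` that body is whatever the endpoint sent along with its error status. If that error page carries stack traces, paths or internal host names, they now leave the server in the 403 response. I would log the body server-side and cap what is returned, e.g. `error_log('token verification failed: ' . $res);` and `'Error verifying bearer token: ' . substr(trim((string) $res), 0, 200)`. The cast covers a read that returns `false` on a transport failure; the call that sets `$res` is outside the hunk, so that part is inferred.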
);
}
- if (!isset($json->properties->{'in-reply-to'})) {
- mpError(
- 'HTTP/1.0 400 Bad Request',
- 'invalid_request',
- 'Only replies accepted'
- );
- }
-
$storage = new Storage();
+ $lb = new Linkback();
try {
$id = $storage->addComment($json, $userId);
+ $lb->ping($id);
header('HTTP/1.0 201 Created');
header('Location: ' . Urls::full(Urls::comment($id)));
exit();
} catch (\Exception $e) {
- //FIXME: return correct status code
- header('HTTP/1.0 500 Internal Server Error');
+ if ($e->getCode() == 400) {
+ mpError(
+ 'HTTP/1.0 400 Bad Request',
+ 'invalid_request',
+ $e->getMessage()
+ );
+ }
+
+ mpError(
+ 'HTTP/1.0 500 Internal Server Error',
+ 'this_violates_the_spec',
+ $e->getMessage()
+ );
exit();
}
}
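Review bot: The 500 branch passes `$e->getMessage()` straight to the client, so any exception text from `addComment()` or `ping()` (database errors, file paths, remote host names) is disclosed to the caller. Keep the message for the 400 case, where it is presumably written for the client, and for everything else log it and send a fixed text: `error_log($e->getMessage());` followed by `'Internal error while storing the comment'` as the third argument. `$lb->ping($id)` also sits in the same `try` after the comment has been stored, so a failed ping is reported as a 500 although the comment exists, and a retrying client may store it twice; a separate `try`/`catch` around the ping that only logs would avoid that. The 400 branch relies on `mpError()` ending the request, otherwise it falls through to the 500 call; `mpError()` is not visible here.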
function getTokenFromHeader()
{
- if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ $auth = $_SERVER['HTTP_AUTHORIZATION'];
+ } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ //php-cgi has it there
+ $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
mpError(
'HTTP/1.0 403 Forbidden', 'forbidden',
'Authorization HTTP header missing'
);
}
- list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+ list($bearer, $token) = explode(' ', $auth, 2);
if ($bearer !== 'Bearer') {
mpError(
'HTTP/1.0 403 Forbidden', 'forbidden',