git.cweiske.de / anoweco.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
read authentication token from php-cgi header
[anoweco.git] / www / micropub.php
diff --git a/www/micropub.php b/www/micropub.php
index 375920b4fa400f7ecbcf297fb4a255c0fc900767..9d91272a7ecf4feb0d6dee4f899e2bf49094ff1f 100644 (file)
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -106,13 +106,18 @@ function handleCreate($json, $token)
 
 function getTokenFromHeader()
 {
-    if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+        $auth = $_SERVER['HTTP_AUTHORIZATION'];
+    } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+        //php-cgi has it there
+        $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+    } else {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
             'Authorization HTTP header missing'
         );
     }
-    list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+    list($bearer, $token) = explode(' ', $auth, 2);
     if ($bearer !== 'Bearer') {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
Anonymous web comments for the indieweb