git.cweiske.de / anoweco.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a7ff94c)
read authentication token from php-cgi header
authorChristian Weiske <cweiske@cweiske.de>
Sun, 7 Aug 2016 17:34:58 +0000 (19:34 +0200)
committerChristian Weiske <cweiske@cweiske.de>
Sun, 7 Aug 2016 17:34:58 +0000 (19:34 +0200)
www/micropub.php patch | blob | history
www/token.php patch | blob | history

diff --git a/www/micropub.php b/www/micropub.php
index 375920b4fa400f7ecbcf297fb4a255c0fc900767..9d91272a7ecf4feb0d6dee4f899e2bf49094ff1f 100644 (file)
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -106,13 +106,18 @@ function handleCreate($json, $token)
 
 function getTokenFromHeader()
 {
 
 function getTokenFromHeader()
 {
-    if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+        $auth = $_SERVER['HTTP_AUTHORIZATION'];
+    } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+        //php-cgi has it there
+        $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+    } else {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
             'Authorization HTTP header missing'
         );
     }
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
             'Authorization HTTP header missing'
         );
     }
-    list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+    list($bearer, $token) = explode(' ', $auth, 2);
     if ($bearer !== 'Bearer') {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
     if ($bearer !== 'Bearer') {
         mpError(
             'HTTP/1.0 403 Forbidden', 'forbidden',
diff --git a/www/token.php b/www/token.php
index be9a264ecd4855c981ab2f045d2fd79381859690..667fc7bd5946a38bee312a169e034149e73dc558 100644 (file)
--- a/www/token.php
+++ b/www/token.php
@@ -39,10 +39,15 @@ function getOptionalParameter($givenParams, $paramName, $default)
 
 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     //verify token
 
 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     //verify token
-    if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+        $auth = $_SERVER['HTTP_AUTHORIZATION'];
+    } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+        //php-cgi has it there
+        $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+    } else {
         error('Authorization HTTP header missing');
     }
         error('Authorization HTTP header missing');
     }
-    list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+    list($bearer, $token) = explode(' ', $auth, 2);
     if ($bearer !== 'Bearer') {
         error('Authorization header must start with "Bearer"');
     }
     if ($bearer !== 'Bearer') {
         error('Authorization header must start with "Bearer"');
     }
Anonymous web comments for the indieweb