From fd760dceff0278836fd05fd4bd314218dc33db34 Mon Sep 17 00:00:00 2001
From: Christian Weiske
Date: Sun, 7 Aug 2016 19:34:58 +0200
Subject: [PATCH] read authentication token from php-cgi header
---
 www/micropub.php | 9 +++++++--
 www/token.php | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/www/micropub.php b/www/micropub.php
index 375920b..9d91272 100644
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -106,13 +106,18 @@ function handleCreate($json, $token)
 
 function getTokenFromHeader()
 {
- if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ $auth = $_SERVER['HTTP_AUTHORIZATION'];
+ } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ //php-cgi has it there
+ $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
 mpError(
 'HTTP/1.0 403 Forbidden', 'forbidden',
 'Authorization HTTP header missing'
 );
 }
- list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+ list($bearer, $token) = explode(' ', $auth, 2);
 if ($bearer !== 'Bearer') {
 mpError(
 'HTTP/1.0 403 Forbidden', 'forbidden',
diff --git a/www/token.php b/www/token.php
index be9a264..667fc7b 100644
--- a/www/token.php
+++ b/www/token.php
@@ -39,10 +39,15 @@ function getOptionalParameter($givenParams, $paramName, $default)
 
 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 //verify token
- if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ $auth = $_SERVER['HTTP_AUTHORIZATION'];
+ } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+ //php-cgi has it there
+ $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
 error('Authorization HTTP header missing');
 }
- list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+ list($bearer, $token) = explode(' ', $auth, 2);
 if ($bearer !== 'Bearer') {
 error('Authorization header must start with "Bearer"');
 }
-- 
2.30.2
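Review bot: A header value with no space in it (for example just `Bearer`) makes `explode(' ', $auth, 2)` in getTokenFromHeader() return a single element, so `list($bearer, $token)` raises an undefined-offset notice or warning and leaves `$token` null while the `$bearer !== 'Bearer'` check still passes; the same line is in the www/token.php hunk. Because the value comes straight from the client, pad before unpacking, `list($bearer, $token) = array_pad(explode(' ', $auth, 2), 2, '');`, and reject an empty `$token` through the existing mpError() path. The rest of getTokenFromHeader() lies outside the hunk, so whether an empty token is caught further down cannot be confirmed from here.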
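Review bot: The Authorization lookup added to www/token.php is a copy of the chain added to getTokenFromHeader() in www/micropub.php, so the two endpoints can drift apart in how they locate the credential; one shared helper that both files include would keep token verification and the micropub endpoint in step. The comment `//php-cgi has it there` would be clearer as `// Apache hands the header to php-cgi as REDIRECT_HTTP_AUTHORIZATION after an internal rewrite`, if that is the setup being targeted. The new `else` branch also appears to rely on error() ending the request, since `$auth` is otherwise undefined on the following `explode()` line; error() is defined outside the hunk, so this is an assumption to confirm.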