This has been asked before, but. I'm trying to implement JWT token auth with PHP 7 on apache 2.4. The script (symfony) never sees the Authorization header.
I've read Apache strips down "Authorization" header and already added:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
to no avail. mod_rewrite is enabled and php loaded as module.
My simple test case is
curl --header "Authorization: Bearer eyJ0....." http://localhost/test.php
I'm totally lost as to what else could potentially be needed to get the Authorization header into php?
Update
Thanks to Olaf Dietsche I've found that the header is present via apache_request_headers(). So the HTTP_AUTHORIZATION is not part of $_SERVER but can be accessed using the Apache functions.
I've opened https://github.com/symfony/symfony/issues/19693 and https://bugs.php.net/bug.php?id=72915 for further investigation.
