This has been asked before, but. I'm trying to implement JWT token auth with PHP 7 on apache 2.4. The script (symfony) never sees the Authorization
header.
I've read Apache strips down "Authorization" header and already added:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
to no avail. mod_rewrite
is enabled and php loaded as module.
My simple test case is
curl --header "Authorization: Bearer eyJ0....." http://localhost/test.php
I'm totally lost as to what else could potentially be needed to get the Authorization
header into php?
Update
Thanks to Olaf Dietsche I've found that the header is present via apache_request_headers()
. So the HTTP_AUTHORIZATION
is not part of $_SERVER
but can be accessed using the Apache functions.
I've opened https://github.com/symfony/symfony/issues/19693 and https://bugs.php.net/bug.php?id=72915 for further investigation.