Level 1
Maybe these may help you:
https://github.com/sahat/satellizer/issues/178 https://github.com/sahat/satellizer/issues/300
It looks like some Apache modules remove the Authorization header for "security". Are you using Apache?
1 like
Jan 10, 2017
4
Level 3
Laravel 5.3 cannot find "Authorization" header?!
I'm making a jQuery $.get request. I have $.ajaxSetup like so:
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content'),
'Accept': 'application/json',
'Authorization': 'Bearer ' + '0123456789012345'
}
});
When the XHR request happens, the Authorization header is there according to Google Chrome Dev Tools.
However, if I dd() this in \Illuminate\Http\Request at line 827 like so:
public function bearerToken()
{
$header = $this->header('Authorization', '');
dd(__METHOD__ . ':' . __LINE__, $header);
if (Str::startsWith($header, 'Bearer ')) {
return Str::substr($header, 7);
}
}
I get this:
"Illuminate\Http\Request::bearerToken:829"
""
That "" is the empty header string. That is, there's no Authorization header.
And doing dd on $this->headers gives the header bag without the Authorization header in it. That is, it's completely lost.
I've also tried adding the header to the $.ajaxSetup with a beforeSend function that adds the header like so:
$.ajaxSetup.beforeSend = function(xhr){
xhr.setRequestHeader('Authorization', 'Bearer ' + '0123456789012345');
};
And, again, it appears in Chrome Dev Tools.
I've also tried sending an arbitrary header, like foo, and that appears in the header bag no problem.
'0123456789012345' is set in my users table api_token column, and I'm using the right user. I'm appending the string directly just for testing.
Here's my test route:
+--------+-----------+-----------------------+-------+------------------------------------------------+--------------+
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+----------------------+------+---------------------------------------------------+--------------+
| | GET|HEAD | api/reports/{report} | | App\Http\Controllers\Api\ReportsController@report | api,auth:api |
What's happening?
Level 3
@matt I'm using Apache.
Our dev team has a shiny docker container that uses nginx - that I'm waiting on my upgraded laptop to arrive to be able to use - so I'm developing locally with Apache in the meantime...
I'll check out those links, thanks.
Level 3
Thanks @matt - adding this to public/.htaccess fixed it.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
4 likes
Level 6
@philsown you safe me, thanks!
1 like
Please or to participate in this conversation.