Commit ed5f1c6c authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: Authorization header passthrough for Apache CGI

Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent 4d7736a1
RewriteEngine On
# Pass Authorization header to PHP
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# Serve existing files/dirs directly
RewriteCond %{REQUEST_URI} ^/public/ [OR]
RewriteCond %{REQUEST_URI} ^/api/
......
......@@ -3,7 +3,11 @@
require_once __DIR__ . '/../config/constants.php';
function getAuthToken(): ?string {
$header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
$header = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
if (empty($header) && function_exists('getallheaders')) {
$headers = getallheaders();
$header = $headers['Authorization'] ?? $headers['authorization'] ?? '';
}
if (preg_match('/Bearer\s+(.+)/i', $header, $m)) {
return $m[1];
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment