I am attempting to create a REST API in PHP and I'd like to implement an authentication scheme similar to Amazon's S3 approach. This involves setting a custom 'Authorization' header in the request.
I had thought I would be able to access the header with $_SERVER['HTTP_AUTHORIZATION'], but it's nowhere to be found in var_dump($_SERVER). The apache_request_headers() function would solve my problem, but my host implements PHP as CGI, so it's unavailable.
Is there another way I can access the complete request headers in PHP?
-
There is a fantastic PECL extension that allows for all sorts of HTTP related access. PECL_HTTP and more specifically http://php.net/http and http://php.net/manual/en/function.http-get-request-headers.php.
-
You'll need to do some
mod_rewritewizardry to get your headers past the CGI barrier, like so:RewriteEngine on RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] <?php $auth = $_SERVER['HTTP_AUTHORIZATION']; ?>Note that if you're using
mod_rewritefor other purposes, it could end up being$_SERVER['REDIRECT_HTTP_AUTHORIZATION'].vamin : That works like a charm, thank you. -
Try
$_ENV['HTTP_AUTHORIZATION']When using CGI interface instead of Apache Module interface, HTTP headers should be available as environment variables.
0 comments:
Post a Comment