问题描述

我目前正在尝试读取我通过 POST 请求调用的 PHP 脚本中的授权标头.Authorization 标头中填充了一个令牌.似乎授权标头在到达我的 PHP 脚本之前以某种方式被删除.我正在使用 Postman(Chrome 插件)执行发布请求，并在我的 PHP 脚本中启用了 CORS.我无法直接访问 apache 服务器.

I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script. I'm executing the post request with Postman (Chrome addon) and I enabled CORS in my PHP script. I don't have access to the apache server directly.

HTTP 请求:

Accept:*/*
Accept-Encoding:gzip,deflate
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,ja;q=0.2
Authorization:Bearer mytoken
Cache-Control:no-cache
Connection:keep-alive
Content-Length:32
Content-Type:text/plain;charset=UTF-8
Host:www.myhost.com
Origin:chrome-extension://fdmmgilgnpjigdojojpjoooidkmcomcm
 User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
 Chrome/38.0.2125.104 Safari/537.36

PHP 脚本:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type,      Accept");
header("Content-Type: application/json");

$headers = getallheaders();
echo $headers['Authorization'];

上面的脚本输出''(=没有).

The above script outputs '' (= nothing).

推荐答案

经过一段时间后，找到了解决此问题的方法.不知何故，Authorization 标头被剥离了.通过在我的 .htaccess 中添加以下几行，我能够让它工作.

After quite some time a found a solution to this problem. Somehow the Authorization header was stripped away. By adding the following lines in my .htaccess, I was able to get it to work.

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

这篇关于PHP POST 请求中缺少授权标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！