【发布时间】:2016-02-08 10:21:51
【问题描述】:
我有一个使用 OAtuth2 的应用程序,我发现授权标头存在问题。因为在 php 脚本中我无法读取此标头。
标头发送正确(Firebug 网络):
Accept application/json, text/plain, */*
Accept-Encoding gzip, deflate
Accept-Language pl,en-US;q=0.7,en;q=0.3
Authorization Bearer 3213826ad9147747f3927feca675e3aeee7d0306
Cache-Control max-age=0
Connection keep-alive
Cookie __utma=269300334.55671391.1445337979.1448456981.1453303397.4; __utmz=269300334.1453303397.4.3.utmcsr **strong text**=haynet.pl|utmccn=(referral)|utmcmd=referral|utmcct=/; _ga=GA1.2.55671391.1445337979; PHPSESSID=m3e64vsduq8vpacfhvnfka66k1; _gat=1
Host pze2.biuro.netivo.pl
Referer http://pze2.biuro.netivo.pl/
User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
但是当我调用 getallheaders() 函数或 apache_request_headers() 函数时,我看不到 Authorization 标头,(来自 apache_request_headers() 的响应打印):
array(10) {
["Accept"]=>
string(33) "application/json, text/plain, */*"
["Accept-Encoding"]=>
string(13) "gzip, deflate"
["Accept-Language"]=>
string(23) "pl,en-US;q=0.7,en;q=0.3"
["Cache-Control"]=>
string(9) "max-age=0"
["Connection"]=>
string(10) "keep-alive"
["Cookie"]=>
string(230) "__utma=269300334.55671391.1445337979.1448456981.1453303397.4; __utmz=269300334.1453303397
.4.3.utmcsr=haynet.pl|utmccn=(referral)|utmcmd=referral|utmcct=/; _ga=GA1.2.55671391.1445337979; PHPSESSID
=m3e64vsduq8vpacfhvnfka66k1; _gat=1"
["Host"]=>
string(20) "pze2.biuro.netivo.pl"
["Referer"]=>
string(28) "http://pze2.biuro.netivo.pl/"
["User-Agent"]=>
string(73) "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
["X-Prerender-Token"]=>
string(20) "rVnH5kFzvZM1HbRkqZDU"
}
转储 $_SERVER var 也看不到标头。
我尝试在 htacces 中添加一些指令,但它仍然不起作用:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
我的整个 htaccess 文件和 apache vhost:
<IfModule mod_headers.c>
RequestHeader set X-Prerender-Token "rVnH5kFzvZM1HbRkqZDU"
</IfModule>
<IfModule mod_rewrite.c>
Options -Indexes
RewriteEngine On
Header add Access-Control-Allow-Origin: *
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header set Access-Control-Allow-Headers: "Authorization"
# www => http
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
<IfModule mod_proxy_http.c>
RewriteCond %{HTTP_USER_AGENT} baiduspider|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora\ link\ preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator [NC,OR]
RewriteCond %{QUERY_STRING} _escaped_fragment_
# Only proxy the request to Prerender if it's a request for HTML
RewriteRule ^(?!.*?(\.js|\.css|\.xml|\.less|\.png|\.jpg|\.jpeg|\.gif|\.pdf|\.doc|\.txt|\.ico|\.rss|\.zip|\.mp3|\.rar|\.exe|\.wmv|\.doc|\.avi|\.ppt|\.mpg|\.mpeg|\.tif|\.wav|\.mov|\.psd|\.ai|\.xls|\.mp4|\.m4a|\.swf|\.dat|\.dmg|\.iso|\.flv|\.m4v|\.torrent|\.ttf|\.woff))(.*) http://service.prerender.io/http://pze2.biuro.netivo.pl/$2 [P,L]
</IfModule>
//Some rewrite rules making my app work
</IfModule>
<VirtualHost *:80>
ServerName pze2.biuro.netivo.pl
ServerAlias pze2.swmilib.pl
DocumentRoot /var/www/pze2/
CustomLog /var/log/apache2/pze2_access.log combined
ErrorLog /var/log/apache2/pze2_error.log
<IfModule log_forensic_module>
ForensicLog /var/log/apache2/pze_forensic.log
</IfModule>
</VirtualHost>
请帮忙,我不知道为什么它不起作用。也许是服务器问题。如果是这样,请告诉我如何解决它。我有 apache2.2.22 和 PHP 5.6.13 的 debian 服务器
【问题讨论】:
-
尝试从 $_SERVER 变量访问标头:
var_dump($_SERVER) -
试过了,没有看到授权标头。
-
请将这些图片作为文本包含在内。
-
是否有可能在您的 Apache 配置中禁用加载
.htaccess文件?另外我想知道您的其他重写规则可能会以某种方式干扰授权重写规则。
标签: php apache oauth-2.0 http-headers