Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
This commit is contained in:
Brion Vibber
parent
b9fc4c24b4
commit
1c942afa60
@ -5,6 +5,11 @@
|
|||||||
|
|
||||||
RewriteBase /mublog/
|
RewriteBase /mublog/
|
||||||
|
|
||||||
|
## Uncomment these if having trouble with API authentication
|
||||||
|
## when PHP is running in CGI or FastCGI mode.
|
||||||
|
#RewriteCond %{HTTP:Authorization} ^(.*)
|
||||||
|
#RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
|
||||||
|
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
RewriteCond %{REQUEST_FILENAME} !-d
|
RewriteCond %{REQUEST_FILENAME} !-d
|
||||||
RewriteRule (.*) index.php?p=$1 [L,QSA]
|
RewriteRule (.*) index.php?p=$1 [L,QSA]
|
||||||
|
|||||||
@ -294,11 +294,15 @@ class ApiAuthAction extends ApiAction
|
|||||||
|
|
||||||
function basicAuthProcessHeader()
|
function basicAuthProcessHeader()
|
||||||
{
|
{
|
||||||
if (isset($_SERVER['AUTHORIZATION'])
|
$authHeaders = array('AUTHORIZATION',
|
||||||
|| isset($_SERVER['HTTP_AUTHORIZATION'])
|
'HTTP_AUTHORIZATION',
|
||||||
) {
|
'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
|
||||||
$authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])
|
$authorization_header = null;
|
||||||
? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
|
foreach ($authHeaders as $header) {
|
||||||
|
if (isset($_SERVER[$header])) {
|
||||||
|
$authorization_header = $_SERVER[$header];
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user