merged branch grEvenX/authorization_example_fix (PR #4370)

Commits
-------

0935964 Modified example for mod_rewrite to not add Authorization header if it is not set in the request

Discussion
----------

Correct example mod_rewrite to not add Authorization header that does not exist

The in-line PHP code comment suggests making some changes in .htaccess with mod_rewrite to pass HTTP-Authorization header to PHP. This leads to the Authorization header being introduced even when it's not originally in the request (albeit empty, the result of ParameterBag->has('Authorization') will return true when you expect it not to).
Some external libraries might check for this header and perform logic based on whether it was set or not (The php-oauth2 library in my case).

I suggest this fix which I think is a more proper way of handling the case anyway, since when the header is not set you don't expect it to exist in the ServerBag either.

(I tried to search the documentation for this but did not find it, but I guess this probably should go into the documentation somewhere?)

---------------------------------------------------------------------------

by travisbot at 2012-05-22T12:51:25Z

This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1399753) (merged 0935964b into 517ae43f).
Fabien Potencier 2012-05-22 15:10:48 +02:00
commit ad6779bc2f

@ -44,11 +44,13 @@ class ServerBag extends ParameterBag
} else {
/*
* php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
* For this workaround to work, add this line to your .htaccess file:
* For this workaround to work, add these lines to your .htaccess file:
* RewriteCond %{HTTP:Authorization} ^(.+)$
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
*
* A sample .htaccess file:
* RewriteEngine On
* RewriteCond %{HTTP:Authorization} ^(.+)$
* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteRule ^(.*)$ app.php [QSA,L]
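
Review bot: The comment never says why the new "RewriteCond %{HTTP:Authorization} ^(.+)$" line is required, so someone copying the sample can drop it and end up with a rule that sets HTTP_AUTHORIZATION on every request again. Add one sentence to the comment stating that the condition keeps the variable unset when the request carries no Authorization header. The capture group in ^(.+)$ is also unused, because the rule reads %{HTTP:Authorization} a second time; either reference %1 in the E= flag or shorten the pattern to a single dot. The opening line still describes the problem as "HTTP Basic user/pass", while the rule forwards the whole Authorization header regardless of scheme, so the wording could be aligned with what the lines actually do.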