Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.

This commit is contained in:
Brion Vibber 2010-03-17 10:52:11 -07:00
parent 4761c07ad8
commit 22f827134c
2 changed files with 14 additions and 5 deletions

View File

@ -5,6 +5,11 @@
RewriteBase /mublog/ RewriteBase /mublog/
## Uncomment these if having trouble with API authentication
## when PHP is running in CGI or FastCGI mode.
#RewriteCond %{HTTP:Authorization} ^(.*)
#RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?p=$1 [L,QSA] RewriteRule (.*) index.php?p=$1 [L,QSA]

View File

@ -294,11 +294,15 @@ class ApiAuthAction extends ApiAction
function basicAuthProcessHeader() function basicAuthProcessHeader()
{ {
if (isset($_SERVER['AUTHORIZATION']) $authHeaders = array('AUTHORIZATION',
|| isset($_SERVER['HTTP_AUTHORIZATION']) 'HTTP_AUTHORIZATION',
) { 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
$authorization_header = isset($_SERVER['HTTP_AUTHORIZATION']) $authorization_header = null;
? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; foreach ($authHeaders as $header) {
if (isset($_SERVER[$header])) {
$authorization_header = $_SERVER[$header];
break;
}
} }
if (isset($_SERVER['PHP_AUTH_USER'])) { if (isset($_SERVER['PHP_AUTH_USER'])) {