OAuth1 icon indicating copy to clipboard operation
OAuth1 copied to clipboard

Published 20 hours ago verified publisher icon WP-API

HTTP_AUTHORIZATION is called REDIRECT_HTTP_AUTHORIZATION on some server configurations

Open panic175 opened this issue 11 years ago • 2 comments

The prefix is present on some configurations of PHP with FastCGI. So I guess OAuth1 should check for both. See here: https://github.com/WP-API/api-console/issues/1#issuecomment-65044837

panic175 avatar Dec 05 '14 14:12 panic175

Hmm I'm not sure if this is any official header and therefore should be included, I'm leaning towards no, but let's open this for discussion.

joehoyle avatar Oct 11 '16 15:10 joehoyle

I'd like to mention that we see this regularly.

Where REDIRECT_HTTP_AUTHORIZATION is present, but HTTP_AUTHORIZATION is not.

I understand this occurs when PHP is running in FastCGI mode and the HTTP_AUTHORIZATION is set via SetEnv or .htaccess directives such as

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}

FWIW the same issue occurs in the Wordpress Basic Auth plugin.

We've handled this as described in this article: https://www.metalocator.com/wp-json-basic-auth-with-fastcgi/

fatica avatar Dec 30 '16 22:12 fatica