Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.

author: Brion Vibber <brion@pobox.com> 2010-03-17 10:52:11 -0700
committer: Brion Vibber <brion@pobox.com> 2010-03-17 11:04:41 -0700
commit: 22f827134c3be845494bebd76bda9e4a074e710b (patch)
tree: b090bd31e26f76586f58d3810b0d158fb86c0879 /lib
parent: 4761c07ad8d76f7c34d4db53d32d15e806ba1e88 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 32502399f..17f803a1c 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -294,11 +294,15 @@ class ApiAuthAction extends ApiAction
 
     function basicAuthProcessHeader()
     {
-        if (isset($_SERVER['AUTHORIZATION'])
-            || isset($_SERVER['HTTP_AUTHORIZATION'])
-            ) {
-            $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])
-              ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
+        $authHeaders = array('AUTHORIZATION',
+                             'HTTP_AUTHORIZATION',
+                             'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
+        $authorization_header = null;
+        foreach ($authHeaders as $header) {
+            if (isset($_SERVER[$header])) {
+                $authorization_header = $_SERVER[$header];
+                break;
+            }
         }
 
         if (isset($_SERVER['PHP_AUTH_USER'])) {
author	Brion Vibber <brion@pobox.com>	2010-03-17 10:52:11 -0700
committer	Brion Vibber <brion@pobox.com>	2010-03-17 11:04:41 -0700
commit	22f827134c3be845494bebd76bda9e4a074e710b (patch)
tree	b090bd31e26f76586f58d3810b0d158fb86c0879 /lib
parent	4761c07ad8d76f7c34d4db53d32d15e806ba1e88 (diff)