It does, This is sort of workaround. Authorization header is considered
"custom" header and as such Apache strips it by default in order to enhance
security. Unlike Apache, CGI and FP SAPI's allow this header.
2016-09-09 20:49 GMT+02:00 Stephen Reay :
> Doesn't the bug specifically say that the e
@Stephen
Yes, this change does not remove any previously variables in $_SERVER, only
adds PHP_AUTH_BEARER when present in request.
2016-09-09 18:07 GMT+02:00 Stephen Reay :
> Does this change also leave the raw header in
> $_SERVER['HTTP_AUTHORIZATION’] ?
>
> > On 9 Sep 2016, at 21:30, Silvio Ma
Does this change also leave the raw header in $_SERVER['HTTP_AUTHORIZATION’] ?
> On 9 Sep 2016, at 21:30, Silvio Marijić wrote:
>
> @Niklas
> We are already supporting Basic and Digest and Bearer and MAC are used
> widely as a form of token authorization.
>
> 2016-09-09 14:37 GMT+02:00 Niklas K
@Niklas
We are already supporting Basic and Digest and Bearer and MAC are used
widely as a form of token authorization.
2016-09-09 14:37 GMT+02:00 Niklas Keller :
> 2016-09-09 14:17 GMT+02:00 Silvio Marijić :
>
>> Came across this issue https://bugs.php.net/bug.php?id=72915 and got an
>> idea. I'
2016-09-09 14:17 GMT+02:00 Silvio Marijić :
> Came across this issue https://bugs.php.net/bug.php?id=72915 and got an
> idea. I've added PHP_AUTH_BEARER to $_SERVER when Bearer auth token is used
> as Authorization method.
>
> Does this kind of change requires RFC ? Would this kind of change be
>
