contao / manager-bundle

[READ-ONLY] Contao Manager Bundle
GNU Lesser General Public License v3.0

Check REDIRECT_HTTP_AUTHORIZATION header in app_dev.php #45

Closed discordier closed 6 years ago

discordier commented 7 years ago

We should discuss if we want to add:

     if (false === $accessKey) {
         header('HTTP/1.0 403 Forbidden');
         die(sprintf('You are not allowed to access this file. Check %s for more information.', basename(__FILE__)));
     }
+
+    // Check for alternate authorization header set by FastCGI et al.
+    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
+    }

     if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
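Review bot: the added `list(...) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)))` splits on every colon, so a password that itself contains `:` is truncated; pass the limit `2` to `explode`. The block also assumes the `Basic ` scheme without checking for it before `substr(..., 6)`, and when the decoded value contains no colon at all, `list()` emits a notice and leaves `PHP_AUTH_PW` unset, so the following `isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])` check would fail with a misleading reason. Validating the header first (scheme prefix check, strict `base64_decode($value, true)`, and a colon check) before assigning into `$_SERVER` avoids both problems; there is also a stray space in `':' ,`.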

This will provide the authorization in environments where the requests are proxied and therefore no HTTP_AUTHORIZATION environment variable is available.

aschempp commented 7 years ago

Shouldn't that be done in the .htaccess like https://github.com/contao/manager-bundle/blob/master/src/Resources/web/.htaccess#L21 ?

discordier commented 7 years ago

I don't know if it is an apache only thing or if it also applies to other web servers. TBH, it was the first time ever I encountered the header at all.

However, I started to wonder if we should change the app_dev to work without any special treatment via .htaccess and the like. I know it will get slower but might work in "all standard setups".

I have not defined yet what the supported setups might be, hence this ticket to discuss if we should do anything at all.

Toflar commented 7 years ago

Any idea if this is some standard? Couldn't even find any reference to that header in the Symfony Request class.

discordier commented 7 years ago

I only found some mentions of it here and here.

The problem is that FastCGI seems to prefix HTTP_AUTHORIZATION with REDIRECT_. Therefore the original header is not to be found anymore. I assume (have not tested, though) that if we change the .htaccess to set REDIRECT_HTTP_AUTHORIZATION instead of HTTP_AUTHORIZATION, we will end up with REDIRECT_REDIRECT_HTTP_AUTHORIZATION.

discordier commented 6 years ago

As discussed on Mumble on 2017-10-05, we will move `$request = Request::createFromGlobals();` up and use the server bag. See: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ServerBag.php#L63
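The two previous comments describe the same mechanism: under FastCGI/mod_rewrite the raw header arrives as `REDIRECT_HTTP_AUTHORIZATION`, and Symfony's ServerBag applies exactly that fallback when it rebuilds the `Authorization` header. The following is an added example, not code from contao/manager-bundle or from this thread, showing a hardened version of the credential recovery as a front controller like `app_dev.php` might do it before handing off to Symfony. The function name `resolveBasicAuth`, the `$sample` array and the expected user/password values are constructed for this example.

```php
<?php
// Added example (not part of contao/manager-bundle or of this issue).
// Recovers HTTP Basic credentials from PHP_AUTH_* when the SAPI sets them,
// otherwise from HTTP_AUTHORIZATION or the REDIRECT_-prefixed variable that
// FastCGI/mod_rewrite setups produce (the same fallback Symfony's ServerBag does).
// resolveBasicAuth() and the $sample data below are assumptions made for this example.

declare(strict_types=1);

/**
 * Returns [user, password] or null when no well-formed Basic header is present.
 * Takes the server array as a parameter instead of reading $_SERVER directly so
 * that a constructed array can be passed in for testing.
 */
function resolveBasicAuth(array $server): ?array
{
    // Native SAPI variables win when they are already populated.
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }

    // Fall back to the raw header; REDIRECT_ is the prefix added on internal redirects.
    $raw = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? null;
    if (!is_string($raw)) {
        return null;
    }

    // Only the Basic scheme carries user:password; the scheme name is case-insensitive.
    if (stripos($raw, 'Basic ') !== 0) {
        return null;
    }

    // Strict decoding rejects malformed input instead of silently producing garbage.
    $decoded = base64_decode(substr($raw, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }

    // Limit 2: a password may contain ':'; only the first colon separates user and password.
    [$user, $password] = explode(':', $decoded, 2);

    return [$user, $password];
}

// Constructed sample of the server variables a proxied/FastCGI request yields:
// no PHP_AUTH_*, no HTTP_AUTHORIZATION, only the REDIRECT_-prefixed copy.
$sample = [
    'REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('dev:s3cr:et'),
];

// Constructed expected credentials for the dev front controller.
$expectedUser = 'dev';
$expectedPassword = 's3cr:et';

$credentials = resolveBasicAuth($sample);
if ($credentials === null) {
    header('HTTP/1.0 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="app_dev"');
    exit('Authentication required.');
}
[$user, $password] = $credentials;

// Constant-time comparison so the check does not leak match length via timing.
$authorized = hash_equals($expectedUser, $user) && hash_equals($expectedPassword, $password);
if (!$authorized) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file.');
}
```

Reading the header through the server array rather than `$_SERVER` directly is what makes the function testable with a constructed array; in a real front controller you would call `resolveBasicAuth($_SERVER)`. The `.htaccess` rewrite rule referenced earlier in the thread and this fallback are complementary: the rule forwards the header on Apache, and the fallback covers hosts where the variable still arrives with the `REDIRECT_` prefix.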

aschempp commented 6 years ago

Can you please try a3148f8dc17441912cfb8053b7417eca66a4b3f0 ?

discordier commented 6 years ago

Works like a charm.

Tested hosting is 1&1 btw.