Closed discordier closed 6 years ago
Shouldn't that be done in the .htaccess
like https://github.com/contao/manager-bundle/blob/master/src/Resources/web/.htaccess#L21 ?
I don't know if it is an apache only thing or if it also applies to other web servers. TBH, it was the first time ever I encountered the header at all.
However, I started to wonder if we should change the app_dev to work without any special treatment via .htaccess and the like. I know it will get slower but might work in "all standard setups".
I have not defined yet what the supported setups might be, hence this ticket to discuss if we should do anything at all.
Any idea if this is some standard? Couldn't even find any reference to that header in the Symfony Request
class.
I only found some mentions of it here and here.
The problem is, that FastCGI seems to prefix HTTP_AUTHORIZATION
with REDIRECT_
. Therefore the original header is not to be found anymore.
I assume (have not tested though) if we change the .htaccess to set the REDIRECT_HTTP_AUTHORIZATION
instead of HTTP_AUTHORIZATION
that we will end up with REDIRECT_REDIRECT_HTTP_AUTHORIZATION
then.
As discussed on mumble on 2017-10-05, we will move $request = Request::createFromGlobals();
up and use the server bag
See: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ServerBag.php#L63
Can you please try a3148f8dc17441912cfb8053b7417eca66a4b3f0 ?
Works like a charm.
Tested hosting is 1&1 btw.
We should discuss if we want to add:
This will provide the authorization in environments where the requests are proxied and therefore no
HTTP_AUTHORIZATION
environment variable is available.