Support "Authorization" header in import

[fkusei]

In https://github.com/crs-tools/tracker/blob/a1757f52f0fbcc925d7e75622e1adacba9877acf/src/Application/Controller/Import.php#L457-L462 we have support for the "Authentication" header. Most newer applications use the "Authorization" header instead.

The tracker should also have support for that header.

[a-tze]

Please keep in mind that the authentication scheme is custom-made, and not following some standard, e.g. bearer token or JWT. So there is possibly no point in using a standardized header name that 3rd party can send, if the header content cannot be produced correctly by that 3rd party software.

Additionally, the name "Authentication" is more correct, as the header only proofs "who" the client is, not what the client is allowed to do (in contrast to modern API tokens and such). IIRC this was one of the reasons for choosing that particular header name.

IMO you should clarify if you just find the name unsuitable or if you think the tracker should support a standard authentication/authorization mechanism like JWT.

[fkusei]

I believe you misunderstood. This issue is about using the "Authorization" header when requesting the schedule.xml for importing the Fahrplan into the tracker :)

(I'm happy to provide a pull request for that later in the week)

[a-tze]

Ahh it's outgoing - okay, the code snippet was too short to see that. That is 100% useful of course.