markhuot / craftql

A drop-in GraphQL server for Craft CMS

Curl Command returns «Not Authorized» #314

Closed Jones-S closed 5 years ago

Jones-S commented 5 years ago

Again I am having trouble with my craftql installation. I just moved my local database to a remote database and set up a production environment.

If I use

    curl -H "Authorization: bearer TOKEN" -H "Content-type: application/json" -d '{"query":"{ helloWorld }"}' https://cms.mydomain.ch/api

it does again return {"errors":[{"message":"Not authorized"}]}%

This time it is NOT linked to any local stuff like here #158. I uninstalled the craftql plugin and reinstalled it on the remote and added a new token. Same result.

Funnily the built in GraphiQL works just fine.

I also still run my local Craft installation which I connected now to the remote database. If I run my command with the same token like this

    curl -H "Authorization: bearer TOKEN" -H "Content-type: application/json" -d '{"query":"{ helloWorld }"}' http://cms.localdomain.ch/api

It works just fine as well!!!

What else could I try to fix this? Thank you in advance.

BTW: I am still on Craft 3.2.8 because I don't want the built-in GraphQL yet. There is too little support for plugins like Neo or Seomatic.

Jones-S commented 5 years ago

If I return this on the remote from the vendor/markhuot/craftql/src/Controllers/ApiController.php within the actionIndex method:

        $authorization = Craft::$app->request->headers->get('authorization');
        http_response_code(403);
        return $this->asJson([
            'error' => [
                ['auth' => $authorization]
            ]
        ]);

I get: {"error":[{"auth":null}]}%

Are there some settings on some hosting services that prevent auth tokens being sent?

narration-sd commented 5 years ago

Hmm. In short, yes, Apache (web server app) can apparently be quite unruly about this.

Here's an unfortunately vexing set of information: https://stackoverflow.com/questions/26549250/apache-strips-down-authorization-header

You might try the .htaccess part, and see if that fixes it for you without requiring an actual server restart. If not, better have a conversation with your hosting provider's actual technical admins.

Or if possible, move over to nginx server selection? May well be worth it on all accounts. The config is quite straightforward, once you understand it.

Good troubleshooting move by you...cheers.

narration-sd commented 5 years ago

...filled in a few extras, in case you're reading only by email: check github conversation itself.

Jones-S commented 5 years ago

.htaccess

    RewriteEngine On

    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Did the trick! 🎉

Thanks for the hint. When I saw your link I remembered that the first half of the post I linked to (#158) also had this answer. I totally forgot and thought only the MAMP solution was discussed there.

Thanks for the pointer.
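
A diagnostic for the stripped-header problem discussed in this thread, added here as an example and not taken from the thread or from CraftQL's code: it reports which server variable carries the Authorization header and its scheme, without returning the token in the response the way the temporary `actionIndex` snippet does. The function names `locateAuthorization` and `describeAuthorization` are hypothetical, and the `REDIRECT_HTTP_AUTHORIZATION` fallback assumes Apache has prefixed the variable after an internal rewrite.

```php
<?php
// Added example, not CraftQL code: report where PHP can see the Authorization
// header without echoing the token. Function names are hypothetical.

/** Return [source, value] for the first place the header is found, else [null, null]. */
function locateAuthorization(array $server, ?array $requestHeaders = null): array
{
    // HTTP_AUTHORIZATION is the normal CGI variable and the one the rewrite rule
    // sets; after an internal rewrite Apache may expose it with a REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return ['$_SERVER[' . $key . ']', $server[$key]];
        }
    }
    // Some SAPIs also expose the raw request headers (getallheaders()).
    foreach ($requestHeaders ?? [] as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0 && $value !== '') {
            return ['request headers', $value];
        }
    }
    return [null, null];
}

/** Summarise the header for a diagnostic response; the token is never included. */
function describeAuthorization(array $server, ?array $requestHeaders = null): array
{
    [$source, $value] = locateAuthorization($server, $requestHeaders);
    if ($value === null) {
        return ['present' => false, 'source' => null, 'scheme' => null, 'tokenLength' => 0];
    }
    // "bearer TOKEN" splits into scheme and credential.
    $parts = preg_split('/\s+/', trim($value), 2);
    return [
        'present' => true,
        'source' => $source,
        'scheme' => strtolower($parts[0]),
        'tokenLength' => strlen($parts[1] ?? ''),
    ];
}

// Constructed inputs: header stripped, then restored under the REDIRECT_ name.
var_dump(describeAuthorization(['REQUEST_METHOD' => 'POST']));
var_dump(describeAuthorization(['REDIRECT_HTTP_AUTHORIZATION' => 'bearer SAMPLE-TOKEN']));

// In a live request:
// $headers = function_exists('getallheaders') ? getallheaders() : null;
// echo json_encode(describeAuthorization($_SERVER, $headers));
```

A result of `present: false` on the remote host alongside `present: true` locally points at the web server configuration rather than at the token.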