Workaround for hoster (ionos)
The hoster exposes the bearer token in the REDIRECT_HTTP_AUTHORIZATION environment variable and requires `RewriteBase /` to be set in .htaccess
parent
6cdca9562c
commit
676571dab9
2 changed files with 10 additions and 2 deletions
|
@ -10,8 +10,12 @@ RewriteRule ^(.git|doxygen|vendor) - [F]
|
||||||
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
|
# fixes JWT token not correctly forwarded on some Apache/FastCGI setups
|
||||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||||
|
# Alternative (if the 2 lines above don't work)
|
||||||
|
# SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
|
||||||
|
|
||||||
# REST API
|
# REST API
|
||||||
|
# Ionos Hosting needs RewriteBase /
|
||||||
|
# RewriteBase /
|
||||||
RewriteCond %{REQUEST_FILENAME} !-f
|
RewriteCond %{REQUEST_FILENAME} !-f
|
||||||
RewriteCond %{REQUEST_FILENAME} !-d
|
RewriteCond %{REQUEST_FILENAME} !-d
|
||||||
RewriteRule ^ index.php [QSA,L]
|
RewriteRule ^ index.php [QSA,L]
|
||||||
|
|
|
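Review bot: The two added comment blocks do not say when an administrator should uncomment them, or why the token can arrive under a different variable name. A line such as `# After the internal rewrite to index.php some hosts expose this as REDIRECT_HTTP_AUTHORIZATION` next to the alternative would tie this file to the PHP-side fallback added in the same commit. The `RewriteBase /` comment should also state that it is only correct when the application is served from the document root, which is presumably the case on the hoster named in the commit message.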
@ -107,7 +107,7 @@ protected function checkRequest($request)
|
||||||
*/
|
*/
|
||||||
protected function checkToken($request)
|
protected function checkToken($request)
|
||||||
{
|
{
|
||||||
if (! $request->hasHeader('Authorization')) {
|
if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
|
||||||
throw new ApiAuthorizationException('JWT token not provided');
|
throw new ApiAuthorizationException('JWT token not provided');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,7 +115,11 @@ protected function checkToken($request)
|
||||||
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
|
throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
|
||||||
|
$authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
|
||||||
|
} else {
|
||||||
$authorization = $request->getHeaderLine('Authorization');
|
$authorization = $request->getHeaderLine('Authorization');
|
||||||
|
}
|
||||||
|
|
||||||
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
|
if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
|
||||||
throw new ApiAuthorizationException('Invalid JWT header');
|
throw new ApiAuthorizationException('Invalid JWT header');
|
||||||
|
|
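Review bot: The new `isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])` tests in both hunks of `checkToken()` treat a set-but-empty variable as a supplied token, and the second hunk lets that variable override a real `Authorization` header. The rewrite condition `^(.*)` in the .htaccess also matches an empty header, so on the affected hosts the variable may exist on unauthenticated requests. Those requests are still rejected, but with 'Invalid JWT header' instead of 'JWT token not provided'. Reading the header first and falling back only on a non-empty value keeps the request object authoritative: `$authorization = $request->getHeaderLine('Authorization');`, then `if ($authorization === '' && !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; }`, with the 'JWT token not provided' guard testing `$authorization === ''`. The function body continues past the end of the second hunk, so token validation itself is not visible here.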