I implemented JWT tokens in PHP/Phalcon, for which you need to send the JWT token in the Authorization header. I send the header as follows:
$.ajax({
url: URL,
dataType: 'text',
method: 'post',
data: { "data": "values" },
success: function(data) {
return console.log("Returned data: ", data);
},
beforeSend: function(xhr, settings) {
xhr.setRequestHeader('Authorization', 'Bearer ' + token);
});
To read the header, I do the following:
$auth_header = $request->getHeader ( 'Authorization' );
And that's it. I was able to successfully read the header and life went on.
I few days later, my code was unable to read the header. The value of $auth_header was empty. After some diagnosis, I found that the header needed to be read as follows:
$auth_header = $request->getHeader ( 'REDIRECT_HTTP_AUTHORIZATION' );
I added both parameters to my code so that both headers could be read, depending on which actually came. A few days later I added a third one:
$auth_header = $request->getHeader ( 'AUTHORIZATION' );
This time the word had to be all capital, or it wouldn't read anything.
So what now? Will there be a fourth name in a few days? How should I proceed? I'd like to point out that none of this is happening on PHP 5.6. It is only happening on the dev server which is PHP 5.3. Is this a known issue? What is the root cause?
My .htaccess file is:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^((?s).*)$ index.php?_url=/$1 [QSA,L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
</IfModule>
