2

I am developing an API using Yii2 REST API basic auth. I have successfully developed it on my local XAMPP server. I have deployed the code to a VPS running CentOS, but I am getting the following unauthorized response:

{
"name": "Unauthorized",
"message": "Your request was made with invalid credentials.",
"code": 0,
"status": 401,
"type": "yii\\web\\UnauthorizedHttpException"
}

I have set the headers properly.

Response headers:

Connection →Keep-Alive
Content-Type →application/json; charset=UTF-8
Date →Fri, 05 May 2017 08:40:49 GMT
Keep-Alive →timeout=5, max=100
Server →Apache
Transfer-Encoding →chunked
Www-Authenticate →Basic realm="api"
X-Powered-By →PHP/5.6.30


My headers:
Authorization : Basic BVrVm3Ay0jg2XBr3TeITaClg
Content-Type  : application/x-www-form-urlencoded

When I dump the headers I don't see the Authorization header:

object(yii\web\HeaderCollection)#81 (1) {
  ["_headers":"yii\web\HeaderCollection":private]=>
  array(10) {
    ["content-type"]=>
    array(1) {
      [0]=>
      string(33) "application/x-www-form-urlencoded"
    }
    ["accept"]=>
    array(1) {
      [0]=>
      string(3) "*/*"
    }
    ["accept-encoding"]=>
    array(1) {
      [0]=>
      string(19) "gzip, deflate, sdch"
    }
    ["accept-language"]=>
    array(1) {
      [0]=>
      string(14) "en-US,en;q=0.8"
    }
    ["cache-control"]=>
    array(1) {
      [0]=>
      string(8) "no-cache"
    }
    ["connection"]=>
    array(1) {
      [0]=>
      string(10) "keep-alive"
    }
    ["cookie"]=>
    array(1) {
      [0]=>
      string(172) "_csrf=ed46321a4d6f68c815e71201a9d47fa4594bc7dc66346fe10111269e612fa24ea%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22afHivmMVT9TeQ24W-jwdIBu5sx4nA_hY%22%3B%7D"
    }
    ["host"]=>
    array(1) {
      [0]=>
      string(14) "104.238.73.161"
    }
    ["postman-token"]=>
    array(1) {
      [0]=>
      string(36) "b2123a9e-1585-5a44-4af1-dab9f12951c6"
    }
    ["user-agent"]=>
    array(1) {
      [0]=>
      string(113) "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36"
    }
  }
}

Any idea why this is happening on the remote server? Please help.

Chamindar2002
  • 223
  • 3
  • 15

2 Answers

5

Hi, for anyone coming across this issue, I have found the solution.

I added the following line to my .htaccess file and the problem was fixed.

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I found the solution in the thread below: https://github.com/yiisoft/yii2/issues/6631

Chamindar2002
  • 223
  • 3
  • 15
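
Added example (not part of the original answer, and not Yii2's own code): a PHP diagnostic that reports which `$_SERVER` variable, if any, carries the Basic credentials, so the effect of the `SetEnvIf` line above can be checked. The function name and the sample arrays are hypothetical, and it assumes the VPS runs PHP through CGI/FastCGI, where Apache does not hand the `Authorization` header to the script by default.

```php
<?php
// Added diagnostic, not Yii2 code. Function name and samples are hypothetical.
// Written to run on the PHP 5.6 shown in the question's response headers.

/**
 * Find Basic credentials in a $_SERVER-style array and report which
 * variable carried them. Returns null when no usable header reached PHP.
 */
function resolveBasicCredentials(array $server)
{
    // mod_php parses the header itself and fills PHP_AUTH_USER / PHP_AUTH_PW.
    if (isset($server['PHP_AUTH_USER'])) {
        $pass = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
        return ['source' => 'PHP_AUTH_USER',
                'user' => $server['PHP_AUTH_USER'], 'pass' => $pass];
    }
    // HTTP_AUTHORIZATION is what the SetEnvIf line creates; Apache prefixes
    // it with REDIRECT_ after an internal mod_rewrite redirect.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (empty($server[$key])) {
            continue;
        }
        if (!preg_match('/^Basic\s+(\S+)$/i', trim($server[$key]), $m)) {
            continue; // another scheme (Bearer, Digest) or a malformed value
        }
        $decoded = base64_decode($m[1], true); // strict: false on bad base64
        if ($decoded === false || strpos($decoded, ':') === false) {
            continue;
        }
        list($user, $pass) = explode(':', $decoded, 2); // password may hold ':'
        return ['source' => $key, 'user' => $user, 'pass' => $pass];
    }
    return null;
}

// Constructed samples; "demo-token" is a made-up credential.
$header  = 'Basic ' . base64_encode('demo-token:');
$samples = [
    'mod_php'                     => ['PHP_AUTH_USER' => 'demo-token', 'PHP_AUTH_PW' => ''],
    'CGI/FastCGI, no SetEnvIf'    => ['HTTP_HOST' => 'api.example.test'],
    'CGI/FastCGI, with SetEnvIf'  => ['HTTP_AUTHORIZATION' => $header],
    'SetEnvIf + rewrite redirect' => ['REDIRECT_HTTP_AUTHORIZATION' => $header],
];
foreach ($samples as $label => $server) {
    $found = resolveBasicCredentials($server);
    printf("%-28s %s\n", $label, $found === null
        ? 'no credentials reached PHP'
        : "user '{$found['user']}' via {$found['source']}");
}
```

On a live server, pass `$_SERVER` to the function from a temporary script and remove the script afterwards, since its output reveals the submitted credentials.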
0

It's probably the CSRF validation. You can, in your controller:

public $enableCsrfValidation = false;

That will disable the validation in every action of that controller.

Here you have more info if you want to dig further: https://yii2-cookbook.readthedocs.io/csrf/

Chux
  • 1,196
  • 1
  • 9
  • 24
  • Hi Chux, but if it is a CSRF issue then it shouldn't be working in my local? Am I correct? – Chamindar2002 May 05 '17 at 09:24
  • Yes, you are right, my mistake. Can you take a look at the app.log file? – Chux May 05 '17 at 09:36
  • Hi Chux, I have updated my question. When I dump $request->getHeaders() it doesn't show the 'authorization' element in the array. – Chamindar2002 May 05 '17 at 09:40
  • That seems to be Apache or how PHP is configured on that server. Can you please take a look here? https://github.com/yiisoft/yii2/issues/6631 – Chux May 05 '17 at 10:28