I'm using a JWT token to authorize Android users, but when I send it, it arrives as null. Does the server remove the Authorization header? Is there a config I need to change to allow my header to pass to the backend?
4 Answers
Just updating for the Googlers as I was also looking for a solution and felt that modifying the core code isn't a good idea!
The solution I've got is to use middleware. In my JavaScript, I'm setting X-Authorization headers instead of Authorization.
I've then created an HTTP middleware class to pick up this header and set our Authorization header:
    <?php

    namespace App\Http\Middleware;

    use Closure;

    class XAuthorizationHeader
    {
        /**
         * Handle an incoming request.
         *
         * @param \Illuminate\Http\Request $request
         * @param \Closure $next
         * @return mixed
         */
        public function handle($request, Closure $next)
        {
            // check if we have an X-Authorization header present
            if ($auth = $request->header('X-Authorization')) {
                $request->headers->set('Authorization', $auth);
            }

            return $next($request);
        }
    }
Then in the App\Http\Kernel.php $middleware array, add this middleware at the very start.
    protected $middleware = [
        \App\Http\Middleware\XAuthorizationHeader::class,
        // ... the existing middleware entries follow
    ];
Any further code will then be able to retrieve the Authorization header as if it were actually there when you pass it as an X-Authorization header.

@theinquisitor This should be the accepted answer, editing framework should not be the answer in any case. – mcanvar Dec 23 '18 at 23:09
Any way of changing the accepted answer other than user marking it? I agree people googling for this solution shouldn't be presented with one about modifying the core code! – Chris Dec 24 '18 at 09:43
Add Authorization handling code in public/.htaccess:
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Ref: https://github.com/laravel/laravel/blob/master/public/.htaccess

I have updated in root .htaccess work perfectly due to ssl installed – Ghanshyam Nakiya Jul 27 '22 at 05:39
Thank you, this worked for me as well. For anyone working only with a vhost file, you can add this to it. # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] – Jp Silver Aug 28 '23 at 08:28
Follow the second solution.
I faced this issue in cPanel hosting; some security mod or plugin strips the Authorization data from the header. I was using Authorization Bearer. I bypassed it by renaming Authorization -> ApiToken and updating a few lines of code in Laravel core.
File: vendor\laravel\framework\src\Illuminate\Http\Concerns\InteractsWithInput.php
Method: bearerToken
    public function bearerToken()
    {
        // fall back to the ApiToken header when Authorization is missing
        $header = $this->header('Authorization', $this->header('ApiToken', ''));

        if (Str::startsWith($header, 'Bearer ')) {
            return Str::substr($header, 7);
        }
    }
Btw, editing core code is not ideal.

I have faced a similar kind of issue. Actually, we need to enable the rewrite rules in two places.
Add Authorization handling code in public/.htaccess:
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Add the same code in /etc/apache2/sites-enabled
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

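
An added example, not code from any of the answers or from Laravel: a plain-PHP helper showing where a bearer token can arrive in PHP when the rewrite rule or the X-Authorization fallback discussed above is in use, with the real Authorization header always taking precedence. The function name resolveBearerToken and all sample values are assumptions made for illustration.

```php
<?php
// Added example; resolveBearerToken() is a hypothetical helper name.

/**
 * Return the bearer token from a $_SERVER-style array, or null.
 */
function resolveBearerToken(array $server): ?string
{
    // Order matters: a genuine Authorization header always wins, so a
    // client-supplied X-Authorization can never override it.
    $candidates = [
        'HTTP_AUTHORIZATION',          // header passed through, or set by the RewriteRule
        'REDIRECT_HTTP_AUTHORIZATION', // the same env var after an Apache internal redirect
        'HTTP_X_AUTHORIZATION',        // fallback header used by the middleware answer
    ];

    foreach ($candidates as $key) {
        $value = trim((string) ($server[$key] ?? ''));
        if ($value === '') {
            continue;
        }
        // Accept only "Bearer <token>" made of token68 characters.
        if (preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', $value, $m)) {
            return $m[1];
        }
        // Present but malformed: stop here, do not fall through to a weaker source.
        return null;
    }

    return null;
}

// Constructed sample inputs (placeholder tokens, not real JWTs).
$samples = [
    'header passed through'   => ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'after internal redirect' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'stripped, fallback used' => ['HTTP_X_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'both headers sent'       => ['HTTP_AUTHORIZATION' => 'Bearer real.tok.en',
                                  'HTTP_X_AUTHORIZATION' => 'Bearer other.tok.en'],
    'not a bearer header'     => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
    'nothing reached PHP'     => [],
];

foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, var_export(resolveBearerToken($server), true));
}
```

Feeding the function the real `$_SERVER` on the affected host shows which of the three keys, if any, survives the web server configuration.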