Accessing the Authorization header

Time: 2012-10-14 22:13:40

Tags: perl dancer

How do I access the Authorization header of a request using Perl Dancer?

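I have tested my client and it is successfully passing the Authorization header, but it does not show up in the request->headers hash. I can get it to show up by simply misspelling it or prepending X-, but I am building an API and would like to use the conventional header to pass the request signature for authentication.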

1 answer:

Answer 0: (score: 4)

It looks like FastCGI strips the Authorization header, probably because basic HTTP auth is hideously insecure. Not that sending the username and password via POST is any better.

From Plack::Handler::FCGI ...

Most fastcgi configuration does not pass Authorization headers to
HTTP_AUTHORIZATION environment variable by default for security reasons.
Authentication middleware such as Plack::Middleware::Auth::Basic or 
Catalyst::Authentication::Credential::HTTP requires the variable to be set up. 
Plack::Handler::FCGI supports extracting the Authorization environment variable
when it is configured that way.

Apache2 with mod_fastcgi:
--pass-header Authorization

mod_fcgid:
FcgiPassHeader Authorization

This is also a caveat of Plack::Middleware::Auth::Digest.
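An added example, not part of the original answer or of Plack or Dancer: once the front end passes the header through, it reaches a PSGI application as `$env->{HTTP_AUTHORIZATION}`, and a signed-request check can tell a header that never arrived apart from a bad signature. The `EXAMPLE-HMAC` scheme, the key table and the signed string (method and path only) are assumptions made for this illustration.

```perl
#!/usr/bin/env perl
# Added example: PSGI-level check of a signed Authorization header.
# Scheme name, key table and signed string are hypothetical; a real API
# would also sign a timestamp or nonce and the request body.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my %KEYS = (client1 => 'constructed-demo-secret');    # constructed sample key

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (HTTP status, reason) for a PSGI environment hash.
sub check_auth {
    my ($env) = @_;
    my $hdr = $env->{HTTP_AUTHORIZATION};
    # Absent variable: the client sent nothing, or the FastCGI front end
    # did not pass the header on (see the settings quoted above).
    return (401, 'no Authorization header reached the application')
        unless defined $hdr && length $hdr;
    my ($id, $sig) = $hdr =~ /\AEXAMPLE-HMAC ([A-Za-z0-9]+):([0-9a-f]{64})\z/
        or return (400, 'malformed Authorization header');
    my $key = $KEYS{$id} or return (403, 'unknown key id');
    my $expect = hmac_sha256_hex(
        join("\n", $env->{REQUEST_METHOD}, $env->{PATH_INFO}), $key);
    return ct_eq($sig, $expect) ? (200, 'ok') : (403, 'bad signature');
}

# Constructed requests: header dropped, valid signature, tampered path.
my $good = 'EXAMPLE-HMAC client1:'
    . hmac_sha256_hex("GET\n/items", $KEYS{client1});
for my $env (
    { REQUEST_METHOD => 'GET', PATH_INFO => '/items' },
    { REQUEST_METHOD => 'GET', PATH_INFO => '/items', HTTP_AUTHORIZATION => $good },
    { REQUEST_METHOD => 'GET', PATH_INFO => '/admin', HTTP_AUTHORIZATION => $good },
) {
    printf "%d %s\n", check_auth($env);
}
```

Logging the 401 case separately from the 403 case makes a front end that silently drops the header visible during deployment instead of looking like a client bug.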