为什么我无法通过$ this-> request-> header('Authorization')访问header-field?

时间:2014-11-13 11:06:40

标签: php cakephp cakephp-2.0

我正在尝试使用以下命令在移动设备的CORS请求期间访问CakePHP 2.5中的http-header字段“Authorization”:

$this->request->header('Authorization');

返回false。如果标头不存在,则这是预期结果(请参阅:Docs)。但Devloper工具显示以下请求:

GET //api_customers/index.json HTTP/1.1
Host: aeap.localhost
Connection: keep-alive
Accept: application/json, text/plain, */*
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluX253In0.NszPvZauAWRq5GqqS70l_0UTkTCJoHkRWM8ZM8O0-fk
Referer: http://localhost:9000/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

因此标题字段应该存在且可访问。我可以访问标题字段“User-Agent”。有人可以帮帮我吗?我在这里缺少什么?

修改

当我通过普通apache_request_headers()访问请求的标头时,标题似乎存在(通过CakeLog :: debug循环输出):

2014-11-13 12:09:28 Debug: Host:aeap.localhost
2014-11-13 12:09:28 Debug: Connection:keep-alive
2014-11-13 12:09:28 Debug: Access-Control-Request-Method:GET
2014-11-13 12:09:28 Debug: Origin:http://localhost:9000
2014-11-13 12:09:28 Debug: User-Agent:Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
2014-11-13 12:09:28 Debug: Access-Control-Request-Headers:accept, authorization
2014-11-13 12:09:28 Debug: Accept:*/*
2014-11-13 12:09:28 Debug: Referer:http://localhost:9000/
2014-11-13 12:09:28 Debug: Accept-Encoding:gzip,deflate,sdch
2014-11-13 12:09:28 Debug: Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
2014-11-13 12:09:28 Debug: 
2014-11-13 12:09:28 Debug: Host:aeap.localhost
2014-11-13 12:09:28 Debug: Connection:keep-alive
2014-11-13 12:09:28 Debug: Accept:application/json, text/plain, */*
2014-11-13 12:09:28 Debug: Origin:http://localhost:9000
2014-11-13 12:09:28 Debug: User-Agent:Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
2014-11-13 12:09:28 Debug: Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluX253In0.NszPvZauAWRq5GqqS70l_0UTkTCJoHkRWM8ZM8O0-fk
2014-11-13 12:09:28 Debug: Referer:http://localhost:9000/
2014-11-13 12:09:28 Debug: Accept-Encoding:gzip,deflate,sdch
2014-11-13 12:09:28 Debug: Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

1 个答案:

答案 0 :(得分:2)

Authorzation标题是一种特殊情况,PHP不会通过$_SERVER超全局公开它,CakeRequest::header()Basic检索标题的位置,如果我&#39 ;毫无疑问,PHP只支持DigestPHP_AUTH_DIGEST身份验证方案。

如果它是有效的摘要auth标头,那么PHP会通过CakeRequest::header()提供其值,请参阅 http://php.net/manual/en/reserved.variables.server.php ,但这不适用于{也是{1}},因为它会在HTTP_前加上名称。

简而言之,您无法通过Authorization访问CakeRequest::header()标题,因此,如果您使用的是Apache,请改用apache_request_headers(),或者如果您可以控制请求,请使用自定义标头。

apache_request_headers()中添加CakeRequest::header()可能是功能请求的内容。

相关问题
最新问题