the inquisitor

Reputation: 109

Authorization header not reaching the server in Laravel project

I'm using a JWT token to authorize Android users, but when I send it, it reaches the server as null. Does the server remove the Authorization header? Is there a config I need to change to allow my header to pass to the backend?

Upvotes: 2

Views: 13966

Answers (5)

Aranya Sen

Reputation: 1094

Add Authorization handling code in public/.htaccess:

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Ref: https://github.com/laravel/laravel/blob/master/public/.htaccess

Upvotes: 15

Ahtasham Yousaf

Reputation: 41

This may happen because of 2 reasons:

  1. missing authorization rewrite rule and
  2. missing Apache virtual host directive to allow authorization headers.

For the 1st: in your project file /public/.htaccess

# add these 2 lines under the RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

For the 2nd:

# In your web server's Apache virtual host config file
<VirtualHost>
  # ...
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  # ...
</VirtualHost>

Upvotes: 0

prabakaran a

Reputation: 11

I have faced a similar kind of issue. Actually, we need to enable the rewrite rules in two places.

Add Authorization handling code in public/.htaccess:

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Add the same code in /etc/apache2/sites-enabled:

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Upvotes: 1
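
To confirm whether the rewrite rule from the answers above is taking effect, this added example (not code from any answer or from Laravel) reports which `$_SERVER` key carries the header by the time PHP runs. The function names and the sample arrays are constructed for illustration.

```php
<?php
// Added diagnostic example: find where the Authorization value ended up.

/**
 * Locate the Authorization value in a $_SERVER-style array.
 * Returns source, scheme and token length, or null when nothing arrived.
 */
function locateAuthorization(array $server, array $requestHeaders = []): ?array
{
    // HTTP_AUTHORIZATION: passed through by the server, or set by the
    // E=HTTP_AUTHORIZATION rewrite rule.
    // REDIRECT_HTTP_AUTHORIZATION: the same variable after an internal
    // redirect, where Apache prefixes environment variables with REDIRECT_.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return describeAuthorization($key, $server[$key]);
        }
    }
    // Last resort: raw request headers, if the SAPI exposes them.
    foreach ($requestHeaders as $name => $value) {
        if (strcasecmp((string) $name, 'Authorization') === 0 && $value !== '') {
            return describeAuthorization('request headers', $value);
        }
    }
    return null; // header was stripped before PHP saw the request
}

function describeAuthorization(string $source, string $value): array
{
    // Never echo the credential itself; report scheme and length only.
    $parts = explode(' ', trim($value), 2);
    return [
        'source'       => $source,
        'scheme'       => $parts[0],
        'token_length' => strlen($parts[1] ?? ''),
    ];
}

// Constructed sample inputs (not captured from a real server).
$samples = [
    'rule missing'   => ['REQUEST_METHOD' => 'GET'],
    'rule present'   => ['HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
    'after redirect' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer aaa.bbb.ccc'],
];
foreach ($samples as $label => $server) {
    echo $label, ': ', json_encode(locateAuthorization($server)), PHP_EOL;
}
```

On a live host, call `locateAuthorization($_SERVER, function_exists('getallheaders') ? getallheaders() : [])` from a temporary route and remove it once the header is confirmed to arrive.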

Saiful Islam

Reputation: 670

Follow the second solution.

I faced this issue on cPanel hosting; some security mod or plugin strips the Authorization data from the header. I was using Authorization Bearer. I bypassed it by renaming Authorization -> ApiToken and updating a few lines of code in Laravel core.

File vendor\laravel\framework\src\Illuminate\Http\Concerns\InteractsWithInput.php, method bearerToken.

public function bearerToken()
{
    $header = $this->header('Authorization', $this->header('ApiToken', ''));

    if (Str::startsWith($header, 'Bearer ')) {
        return Str::substr($header, 7);
    }
}

Btw, editing core code is not ideal.

Upvotes: 2

Chris

Reputation: 2035

Just updating for the Googlers as I was also looking for a solution and felt that modifying the core code isn't a good idea!

The solution I've got is to use middleware. In my JavaScript, I'm setting X-Authorization headers instead of Authorization.

I've then created an HTTP middleware class to pick up this header and set our Authorization header:

<?php

namespace App\Http\Middleware;

use Closure;

class XAuthorizationHeader
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next) {

        // check if we have an X-Authorization header present
        if($auth = $request->header('X-Authorization')) {
            $request->headers->set('Authorization', $auth);
        }

        return $next($request);
    }
}

Then in App\Http\Kernel.php $middleware array, add this middleware at the very start.

protected $middleware = [
    \App\Http\Middleware\XAuthorizationHeader::class, // first entry; the existing middleware follow

Any further code will then be able to retrieve the Authorization header as if it were actually there when you pass it as an X-Authorization header.

Upvotes: 20
