Skip to content

Instantly share code, notes, and snippets.

@rmpel

rmpel/apache_request_headers.php

Last active June 11, 2022 09:30
Show Gist options
  • Save rmpel/11583cfddfcc9705578428e3a2ee3dc1 to your computer and use it in GitHub Desktop.
Save rmpel/11583cfddfcc9705578428e3a2ee3dc1 to your computer and use it in GitHub Desktop.
Download ZIP
apache_request_headers drop-in function for PHP as FPM
Raw
apache_request_headers.php
<?php
// Drop-in replacement for apache_request_headers() when it's not available
if ( ! function_exists( 'apache_request_headers' ) ) {
function apache_request_headers() {
static $arrHttpHeaders;
if ( ! $arrHttpHeaders ) {
// Based on: http://www.iana.org/assignments/message-headers/message-headers.xml#perm-headers
$arrCasedHeaders = array(
// HTTP
'Dasl' => 'DASL',
'Dav' => 'DAV',
'Etag' => 'ETag',
'Mime-Version' => 'MIME-Version',
'Slug' => 'SLUG',
'Te' => 'TE',
'Www-Authenticate' => 'WWW-Authenticate',
// MIME
'Content-Md5' => 'Content-MD5',
'Content-Id' => 'Content-ID',
'Content-Features' => 'Content-features',
);
$arrHttpHeaders = array();
foreach ( $_SERVER as $strKey => $mixValue ) {
if ( 'HTTP_' !== substr( $strKey, 0, 5 ) ) {
continue;
}
$strHeaderKey = strtolower( substr( $strKey, 5 ) );
if ( 0 < substr_count( $strHeaderKey, '_' ) ) {
$arrHeaderKey = explode( '_', $strHeaderKey );
$arrHeaderKey = array_map( 'ucfirst', $arrHeaderKey );
$strHeaderKey = implode( '-', $arrHeaderKey );
} else {
$strHeaderKey = ucfirst( $strHeaderKey );
}
if ( array_key_exists( $strHeaderKey, $arrCasedHeaders ) ) {
$strHeaderKey = $arrCasedHeaders[ $strHeaderKey ];
}
$arrHttpHeaders[ $strHeaderKey ] = $mixValue;
}
/** in case you need authorization and your hosting provider has not fixed this for you:
* VHOST-Config:
* FastCgiExternalServer line needs -pass-header Authorization
*
* .htaccess or VHOST-config file needs:
* SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
* to add the Authorization header to the environment for further processing
*/
if ( ! empty( $arrHttpHeaders['Authorization'] ) ) {
// in case of Authorization, but the values not propagated properly, do so :)
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode( ':', base64_decode( substr( $_SERVER['HTTP_AUTHORIZATION'], 6 ) ) );
}
}
}
return $arrHttpHeaders;
}
// execute now so other scripts have little chance to taint the information in $_SERVER
// the data is cached, so multiple retrievals of the headers will not cause further impact on performance.
apache_request_headers();
}
@rmpel
Copy link
Author

rmpel commented Jun 11, 2022
edited
Loading

@chiragmshah70 I think I may have found your problem.
If I read it correctly, you have altered the code of my gist to read

	// execute now so other scripts have little chance to taint the information in $_SERVER
	// the data is cached, so multiple retrievals of the headers will not cause further impact on performance.
	$headers = apache_request_headers();
} else {
	$headers = apache_request_headers();
}
}

That's not what you should do.

You can embed the code in your own php file, but don't add an "else" class. just use $headers = apache_request_headers(); anywhere in your code., like so;

	// execute now so other scripts have little chance to taint the information in $_SERVER
	// the data is cached, so multiple retrievals of the headers will not cause further impact on performance.
	apache_request_headers();
}
// End of copy-paste code

// ... your own code ...

// Use apache headers like you normally would.
$headers = apache_request_headers();

Also I would suggest not embedding it, but rather download the file to an includes folder and use require_once to load the code.

Furthermore, I don't know what you are trying to do with the Authorization header, with the token, but that seems wrong. The Authorization header is usually something like this;

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

The code after Basic is base64 encoded and reads the username followed by a colon and ends with the password; aladdin:opensesame
@see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#examples

I am aware my code above does not support the Digest Authorization scheme, but there is no authorization scheme matching your code, so I don't think I can help you with that.

@chiragmshah70
Copy link

@rmpel - Thanks a lot. I refactored the code as suggested above. The authorization string is passed with api call and compared with token to allow API access. The code was breaking and fixed it. now its working. I really appreciate your help. Thanks again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment