Restoring missing Authorization header when using PHP with Apache

I was recently looking into using our Mantis Bug Tracker instance to automatically generate product road-maps - now that we are actually starting to properly plan product updates and as keeping them up to date manually isn't really working.

I spent a fair amount of fruitless time sending requests to Mantis via Postman only for every single request to fail with 401 API Token required - despite the fact I'd created a limited access user and generated an API token associated with that.

In the end after looking at the Mantis source files, I resorted to editing AuthMiddleware.php directly on the server to start spitting out output as a crude way of attempting to identify the issue. This showed that the Authorization header just wasn't present - any other header I sent was there, just that one in particular was missing.

The documentation for apache_request_headers doesn't mention anything about authorisation, nor does getallheaders. $_SERVER on the other hand mentions that new values may be created based on the contents of the Authorization header but it too doesn't state anything about the header being removed.

Fortunately, I found an answer in a user comment for the HTTP authentication with PHP documentation topic which is to alter your .htaccess file to include the following line

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I made this change to the .htaccess file located in the Mantis REST API client folders (I didn't do it at the root level), and now the API is working. Baby steps...

Please note however that I'm not a PHP developer, and when it comes to hosting, I'm an IIS guy and have very little familiarity with Apache. So while this tweak works for me, I can't state for certain it is the correct approach or if it should have been handled another way. Nor do I know what the cause is - seems odd that if this was official PHP behaviour that it isn't documented anywhere that I could find. If you know of a better way please let me know!

About The Author

Gravatar

The founder of Cyotek, Richard enjoys creating new blog content for the site. Much more though, he likes to develop programs, and can often found writing reams of code. A long term gamer, he has aspirations in one day creating an epic video game. Until that time, he is mostly content with adding new bugs to WebCopy and the other Cyotek products.

Leave a Comment

While we appreciate comments from our users, please follow our posting guidelines. Have you tried the Cyotek Forums for support from Cyotek and the community?

Styling with Markdown is supported