问题描述
我正在尝试在 PHP 中创建一个 REST API,并且我想实现一个类似于 Amazon 的 S3 方法的身份验证方案.这涉及在请求中设置自定义授权"标头.
I am attempting to create a REST API in PHP and I'd like to implement an authentication scheme similar to Amazon's S3 approach. This involves setting a custom 'Authorization' header in the request.
我原以为可以使用 $_SERVER['HTTP_AUTHORIZATION'] 访问标头,但在 var_dump($_SERVER) 中找不到它.apache_request_headers() 函数可以解决我的问题,但是我的主机将 PHP 实现为 CGI,所以它不可用.
I had thought I would be able to access the header with $_SERVER['HTTP_AUTHORIZATION'], but it's nowhere to be found in var_dump($_SERVER). The apache_request_headers() function would solve my problem, but my host implements PHP as CGI, so it's unavailable.
还有其他方法可以访问 PHP 中的完整请求标头吗?
Is there another way I can access the complete request headers in PHP?
推荐答案
你需要做一些 mod_rewrite
魔法来让你的标题通过 CGI 障碍,像这样:
You'll need to do some mod_rewrite
wizardry to get your headers past the CGI barrier, like so:
RewriteEngine on
RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
<?php
$auth = $_SERVER['HTTP_AUTHORIZATION'];
?>
请注意,如果您将 mod_rewrite
用于其他目的,它最终可能是 $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
.
Note that if you're using mod_rewrite
for other purposes, it could end up being $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
.
这篇关于如何访问未出现在 $_SERVER 中的请求标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!