Pick off Authentication header PHP

I am sending a token within the headers of each request, when I do a print_r(apache_request_headers()); I get ...
[Host] => 192.168.100.100
[Connection] => keep-alive
[Authorization] =>d868cbf31f676130649fbfd7fff64a70cc071cd0fc8afa676b ...
[Origin] => null
[User-Agent] => Mozilla/5.0 (Linux; U; Android 4.0; en-us; GT-I9300 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
[Accept] => */*
[Accept-Encoding] => gzip, deflate, sdch
[Accept-Language] => en-US,en;q=0.8
)
I have tried echo $_SERVER['Authorization']; but get an error: Undefined index: Authorization.
How do I get the token?

You can either use array dereferencing (PHP >= 5.4), e.g.
echo apache_request_headers()["Authorization"];
Or assign it to a variable and then access it, e.g.
$headers = apache_request_headers();
echo $headers["Authorization"];

Try this, it is Server Independent
$header = getallheaders();
echo $header['Authorization'];

Related

PHP cURL script works on one system, fails on another, but can't identify the difference

I have some code which validates that a non-profit is in good standing with the IRS by looking up the organization's Employer Identification Number (EIN) on the IRS website's Tax-Exempt Organization Search page using page scraping via PHP cURL. Recently it began to fail with 403/Forbidden errors. I re-wrote it to adapt to changes on the IRS website. Now I have code that works as expected on my development system(s) while the identical code (verified with "sum" on the two files involved) fails with a 403 error on our production system, but I'm stuck on identifying the difference causing the problem.
I have two systems on which the code works: Fedora 35 Linux, with PHP 8.0.18 and cURL 7.79.1 and Fedora 36 Linux with PHP 8.1.6 and cURL 7.82.0. The production system hosted at HostGator is CentOS with PHP 7.4.29 and cURL 7.83.1, so older PHP with newer cURL.
The code first performs a GET on the search page to load the cookies and collect the form field default values then a POST to submit the form with the EIN in the right form field. The Fedora systems get the expected 302 response to the POST while the CentOS system gets a 403 response.
For debugging, I've tried constraining the obvious variations between the systems by forcing the use of IPv4 and HTTP/2 and re-running the tests until both are captured using the same IP address for the load-balanced website. Unfortunately I can't capture packets on the production system at the hosting company to look for differences in the interaction with the website. I'm hoping a cURL wizard may be able to spot a key difference from the two verbose output captures (with my cURL option dumps) below.
Working (PHP 8.1.6, cURL 7.82.0):
* Connection #0 to host apps.irs.gov left intact
=> POST options: Array
(
[19913] => 1
[52] => 1
[10023] => Array
(
[0] => User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
[1] => Accept-Language: en-US,en;q=0.5
)
[10031] =>
[113] => 1
[84] => 3
[41] => 1
[47] => 1
[10015] => einTerm=01-0211671&orgTerm=&resultsPerPage=25&indexOfFirstRow=0&dispatchMethod=searchAll&city=&fromDate=&toDate=&sortColumn=orgName&isDescending=false&searchType=allSearch&searchBy=EIN&state=All+States&country=All+Countries&exemptionType=al&deductibilityCode=all
[10002] => https://apps.irs.gov/app/eos/search;jsessionid=XTl16dGwQzYJg5v12y9oRVKE.20
)
* Found bundle for host apps.irs.gov: 0x564a9448dcc0 [can multiplex]
* Re-using existing connection! (#0) with host apps.irs.gov
* Connected to apps.irs.gov (23.63.32.192) port 443 (#0)
* h2h3 [:method: POST]
* h2h3 [:path: /app/eos/search;jsessionid=XTl16dGwQzYJg5v12y9oRVKE.20]
* h2h3 [:scheme: https]
* h2h3 [:authority: apps.irs.gov]
* h2h3 [accept: */*]
* h2h3 [cookie: JSESSIONID=XTl16dGwQzYJg5v12y9oRVKE.20; AWSALBCORS=hQQX7Xg5jDR+DCyEijfM4m6EsSevyrr3mZPmycLLOb2LwlJ58P8CSB9EIEl0JK2Vhr7YhPTn3VCuqcbmOMmnjed/M9qqvCkTygzaNT4H1IQefAHd5yjsXNVi7kb+; AWSALB=hQQX7Xg5jDR+DCyEijfM4m6EsSevyrr3mZPmycLLOb2LwlJ58P8CSB9EIEl0JK2Vhr7YhPTn3VCuqcbmOMmnjed/M9qqvCkTygzaNT4H1IQefAHd5yjsXNVi7kb+; ak_bmsc=8A537191012B749495893F1E10E74180~000000000000000000000000000000~YAAQPvffF1ihS9yAAQAAlaU19w/wPEliSNxMTXTsIyeT0I4D+idIAOo56QuNPDRd2bP/dTC9VU886WqlmkqXr0QwUkGQYZzpfAPIc4BEGNRixowHExzoLMYGMG9ta787mTsmOIFHTBqi3zXqkAkj1ScvE3ci9UgDMkXtEVi9sarHlLaquGMNfP9tPFkewTm0OlGZbVYyELuX2yx510QYEt03fif2MIZXz/CUMLtNPivoLMfTq1npNuJae7HGi3IEAQ64jchcxrV0oaVmSVCCV8Nj9Br0AqS/zknVE6MZETfKcdj9cFsBGEwlaiaDf1nZSMYnPCtTX2AGpHo2v6wW+keT0omBqEJM8S4TUwPONYx0nJe5i6nbqMjybxPgenErrcllS+L2; bm_sz=3B45C20CE8274677307CCA048B47E083~YAAQPvffF1ehS9yAAQAAQ6U19w/soNdV6oojiKE0rlk1RAJpAIt61GrHJAc0PN/xaRq3ZIS1XW9ZquKP4QMBY8P4UIu2/W8r3uzPRfe9/9uvSmjfWRAELmtVKY7qTQ0tRgc6s3Gs7h1ZTO7/e3VuEoqtmp8Pm/gmEMEtqkPoDtMevcqg1+8I/pXczASW8V7YbQtpmww1r81hZSrNKQMSlcfikCES/lobe1Q7w8NH7RQMkgVzZY246ULcYc3qtC2DE9mIKhg+VklSqCv0zFlV6FFdW9E5cuZTpUs1MWw4eLE=~4470852~4273716; _abck=1676C85BF3ECBCF69975274117E26FBE~-1~YAAQPvffF1ahS9yAAQAAQ6U19wdgZ0p23LgMfm0QsDeAJI8RD/YAPQe366g5hGIe1klI/ZpE5q7vrOX0YxletWFVqUl9jaSokNX4er6uAeVjdJ1MEG/Sra6MhmJOPW6NPGWhn7dx1DZt1W1KvShd4LHknAILAfaIY1NhY/SVqOrt1SYmlAvQNw+yPxnWzPsHB9t3/y6TTFQfvREisQscoG4uqA6aV9ZKN953qMtLUkxc34mz+jNFGIwexn+8Dc6glGY5mVQPv95YFUO87ogIfMY2V+iDCxhNlh22QNx0O2QEHxrW+lLByRza/Nt5awaPGQtqzsnTf8J9JePL9fahS2e4995pgxTpHrGRxIQ5LljTpxD1H1yEVep3~-1~-1~-1]
* h2h3 [user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763]
* h2h3 [accept-language: en-US,en;q=0.5]
* h2h3 [content-length: 262]
* h2h3 [content-type: application/x-www-form-urlencoded]
* Using Stream ID: 5 (easy handle 0x564a94489610)
> POST /app/eos/search;jsessionid=XTl16dGwQzYJg5v12y9oRVKE.20 HTTP/2
Host: apps.irs.gov
accept: */*
cookie: JSESSIONID=XTl16dGwQzYJg5v12y9oRVKE.20; AWSALBCORS=hQQX7Xg5jDR+DCyEijfM4m6EsSevyrr3mZPmycLLOb2LwlJ58P8CSB9EIEl0JK2Vhr7YhPTn3VCuqcbmOMmnjed/M9qqvCkTygzaNT4H1IQefAHd5yjsXNVi7kb+; AWSALB=hQQX7Xg5jDR+DCyEijfM4m6EsSevyrr3mZPmycLLOb2LwlJ58P8CSB9EIEl0JK2Vhr7YhPTn3VCuqcbmOMmnjed/M9qqvCkTygzaNT4H1IQefAHd5yjsXNVi7kb+; ak_bmsc=8A537191012B749495893F1E10E74180~000000000000000000000000000000~YAAQPvffF1ihS9yAAQAAlaU19w/wPEliSNxMTXTsIyeT0I4D+idIAOo56QuNPDRd2bP/dTC9VU886WqlmkqXr0QwUkGQYZzpfAPIc4BEGNRixowHExzoLMYGMG9ta787mTsmOIFHTBqi3zXqkAkj1ScvE3ci9UgDMkXtEVi9sarHlLaquGMNfP9tPFkewTm0OlGZbVYyELuX2yx510QYEt03fif2MIZXz/CUMLtNPivoLMfTq1npNuJae7HGi3IEAQ64jchcxrV0oaVmSVCCV8Nj9Br0AqS/zknVE6MZETfKcdj9cFsBGEwlaiaDf1nZSMYnPCtTX2AGpHo2v6wW+keT0omBqEJM8S4TUwPONYx0nJe5i6nbqMjybxPgenErrcllS+L2; bm_sz=3B45C20CE8274677307CCA048B47E083~YAAQPvffF1ehS9yAAQAAQ6U19w/soNdV6oojiKE0rlk1RAJpAIt61GrHJAc0PN/xaRq3ZIS1XW9ZquKP4QMBY8P4UIu2/W8r3uzPRfe9/9uvSmjfWRAELmtVKY7qTQ0tRgc6s3Gs7h1ZTO7/e3VuEoqtmp8Pm/gmEMEtqkPoDtMevcqg1+8I/pXczASW8V7YbQtpmww1r81hZSrNKQMSlcfikCES/lobe1Q7w8NH7RQMkgVzZY246ULcYc3qtC2DE9mIKhg+VklSqCv0zFlV6FFdW9E5cuZTpUs1MWw4eLE=~4470852~4273716; _abck=1676C85BF3ECBCF69975274117E26FBE~-1~YAAQPvffF1ahS9yAAQAAQ6U19wdgZ0p23LgMfm0QsDeAJI8RD/YAPQe366g5hGIe1klI/ZpE5q7vrOX0YxletWFVqUl9jaSokNX4er6uAeVjdJ1MEG/Sra6MhmJOPW6NPGWhn7dx1DZt1W1KvShd4LHknAILAfaIY1NhY/SVqOrt1SYmlAvQNw+yPxnWzPsHB9t3/y6TTFQfvREisQscoG4uqA6aV9ZKN953qMtLUkxc34mz+jNFGIwexn+8Dc6glGY5mVQPv95YFUO87ogIfMY2V+iDCxhNlh22QNx0O2QEHxrW+lLByRza/Nt5awaPGQtqzsnTf8J9JePL9fahS2e4995pgxTpHrGRxIQ5LljTpxD1H1yEVep3~-1~-1~-1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
accept-language: en-US,en;q=0.5
content-length: 262
content-type: application/x-www-form-urlencoded
* We are completely uploaded and fine
< HTTP/2 302
< content-length: 0
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-frame-options: SAMEORIGIN
< cache-control: no-store
< content-language: en-US
< location: https://apps.irs.gov/app/eos/allSearch
< date: Tue, 24 May 2022 17:55:29 GMT
Failing (PHP 7.4.28, cURL 7.83.1):
* Connection #0 to host apps.irs.gov left intact
=> POST options: Array
(
[19913] => 1
[52] => 1
[10023] => Array
(
[0] => User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
[1] => Accept-Language: en-US,en;q=0.5
)
[10031] =>
[113] => 1
[41] => 1
[47] => 1
[10015] => einTerm=01-0211671&orgTerm=&resultsPerPage=25&indexOfFirstRow=0&dispatchMethod=searchAll&city=&fromDate=&toDate=&sortColumn=orgName&isDescending=false&searchType=allSearch&searchBy=EIN&state=All+States&country=All+Countries&exemptionType=al&deductibilityCode=all
[10002] => https://apps.irs.gov/app/eos/search;jsessionid=hFYDovqSpPQ9unggYELKowMo.21
)
* Found bundle for host: 0x2952cc0 [can multiplex]
* Re-using existing connection #0 with host apps.irs.gov
* Connected to apps.irs.gov (23.63.32.192) port 443 (#0)
* h2h3 [:method: POST]
* h2h3 [:path: /app/eos/search;jsessionid=hFYDovqSpPQ9unggYELKowMo.21]
* h2h3 [:scheme: https]
* h2h3 [:authority: apps.irs.gov]
* h2h3 [accept: */*]
* h2h3 [cookie: JSESSIONID=hFYDovqSpPQ9unggYELKowMo.21; AWSALBCORS=53A7kbQtYAwW146QYR8asR3SdVn+X7GnECF27cV7LWrC6MEeeAluAo75yZtV6woDy6eJZY0Pn46tZqMMDD2hMlRwaT3Qouuu732Ds2n6s05oILuF4g0yuT1nQOZm; AWSALB=53A7kbQtYAwW146QYR8asR3SdVn+X7GnECF27cV7LWrC6MEeeAluAo75yZtV6woDy6eJZY0Pn46tZqMMDD2hMlRwaT3Qouuu732Ds2n6s05oILuF4g0yuT1nQOZm; ak_bmsc=F7644E5B2E56D5CEC9F9214427EB9974~000000000000000000000000000000~YAAQscM9F2GW4+OAAQAANyj78Q8vLFcckNUD0HpQL3ss6AowiPbRaFmid6iQfoj2VxAeSh/Qr6dNAGezumxbeEwNazFGWBgcYSs6QWeLXTW0IrBS/QWB5ZjpcsMHpVWP7mUH9Vxaq9F6k2JEAN6HyI7aRh1dtaxvNpFmdLGZIVEv0hK8eATTHeNAfTXjz2Gw7c0Ha0BQymd+LD0y7t3NR1wgq0vCu2lWjSYmJ8dLaiW8W3nkeZZxmWKrqQI0OUUKdApQIb1Sag0dsa9qvjfaHcQD2TbrVa76b6Ik7Qk5CQqZDIy/Olo0e45RQylLZXFIxKtWNRN29eM9eNWMcwBdcZ7Q5HgjLMcPEN5WXX8fzYfX4numSMPvDBk+tYS4m3w4rI02HNshjzl4; bm_sz=9B5A183873D9DA7C215F809E880759BE~YAAQscM9F1+W4+OAAQAAsCf78Q/Ng8FzoK+miI/aUvOjaHCHXBGNMhzxx+mfJ8TGPpLyCpaMInVzbUC4GWvCbONhhUqi6fndklKkuuzwADI4kR00c9t1PvQ8V8aA0AKyR8HNfMVMfIs5IuZVdPrw3ZYGDwK5WTykEQgvRafI0xVu/x12vCigOn2+4hMvhJaurXqeBfChnC3RvQiowQy+513BMncaIXgOYsZSuWf4+jgXrAgNEY6Wc2xfBKnHifxycbgVGKgdR+3636bK2wqNRGI4e8WYL+f1ArF48LgMOsQ=~3753527~4404275; _abck=69E0B24E2773CAD514F0180403F5F6A5~-1~YAAQscM9F16W4+OAAQAAsCf78QfvL3BASG5oiS90B4saRsXqnuJNdVzBb/ET/W9XsNJ+6bjHRek2i4SGmzuLG/ZASwyjFYIdCxQiEqOelIFq/N/1jfa9xwgKHPFY7nAgdWuTeawZnlt4ZSOiJiTsRRxNY95vE5cfFzXlQiVigU5E8RYu55DL/fj7t+vLMOKu4DMUtVblmep6xSffeKcxTu1cZqKsrTazZWCJQNimbxOVUuqSvCH3iTgSbuKRY+Z8f9d9tsdOX3UHHfCUoNIIGPVsAAan/c9CPKlaqCbARtLJQJxlci2QmQvz4C1m0q7P7lPO1GIVlwolKYSwOe1EdY/sGHF/tp2N/KmFurCdCK4Jko+kvQTj2lmS~-1~-1~-1]
* h2h3 [user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763]
* h2h3 [accept-language: en-US,en;q=0.5]
* h2h3 [content-length: 262]
* h2h3 [content-type: application/x-www-form-urlencoded]
* Using Stream ID: 5 (easy handle 0x294a520)
> POST /app/eos/search;jsessionid=hFYDovqSpPQ9unggYELKowMo.21 HTTP/2
Host: apps.irs.gov
accept: */*
cookie: JSESSIONID=hFYDovqSpPQ9unggYELKowMo.21; AWSALBCORS=53A7kbQtYAwW146QYR8asR3SdVn+X7GnECF27cV7LWrC6MEeeAluAo75yZtV6woDy6eJZY0Pn46tZqMMDD2hMlRwaT3Qouuu732Ds2n6s05oILuF4g0yuT1nQOZm; AWSALB=53A7kbQtYAwW146QYR8asR3SdVn+X7GnECF27cV7LWrC6MEeeAluAo75yZtV6woDy6eJZY0Pn46tZqMMDD2hMlRwaT3Qouuu732Ds2n6s05oILuF4g0yuT1nQOZm; ak_bmsc=F7644E5B2E56D5CEC9F9214427EB9974~000000000000000000000000000000~YAAQscM9F2GW4+OAAQAANyj78Q8vLFcckNUD0HpQL3ss6AowiPbRaFmid6iQfoj2VxAeSh/Qr6dNAGezumxbeEwNazFGWBgcYSs6QWeLXTW0IrBS/QWB5ZjpcsMHpVWP7mUH9Vxaq9F6k2JEAN6HyI7aRh1dtaxvNpFmdLGZIVEv0hK8eATTHeNAfTXjz2Gw7c0Ha0BQymd+LD0y7t3NR1wgq0vCu2lWjSYmJ8dLaiW8W3nkeZZxmWKrqQI0OUUKdApQIb1Sag0dsa9qvjfaHcQD2TbrVa76b6Ik7Qk5CQqZDIy/Olo0e45RQylLZXFIxKtWNRN29eM9eNWMcwBdcZ7Q5HgjLMcPEN5WXX8fzYfX4numSMPvDBk+tYS4m3w4rI02HNshjzl4; bm_sz=9B5A183873D9DA7C215F809E880759BE~YAAQscM9F1+W4+OAAQAAsCf78Q/Ng8FzoK+miI/aUvOjaHCHXBGNMhzxx+mfJ8TGPpLyCpaMInVzbUC4GWvCbONhhUqi6fndklKkuuzwADI4kR00c9t1PvQ8V8aA0AKyR8HNfMVMfIs5IuZVdPrw3ZYGDwK5WTykEQgvRafI0xVu/x12vCigOn2+4hMvhJaurXqeBfChnC3RvQiowQy+513BMncaIXgOYsZSuWf4+jgXrAgNEY6Wc2xfBKnHifxycbgVGKgdR+3636bK2wqNRGI4e8WYL+f1ArF48LgMOsQ=~3753527~4404275; _abck=69E0B24E2773CAD514F0180403F5F6A5~-1~YAAQscM9F16W4+OAAQAAsCf78QfvL3BASG5oiS90B4saRsXqnuJNdVzBb/ET/W9XsNJ+6bjHRek2i4SGmzuLG/ZASwyjFYIdCxQiEqOelIFq/N/1jfa9xwgKHPFY7nAgdWuTeawZnlt4ZSOiJiTsRRxNY95vE5cfFzXlQiVigU5E8RYu55DL/fj7t+vLMOKu4DMUtVblmep6xSffeKcxTu1cZqKsrTazZWCJQNimbxOVUuqSvCH3iTgSbuKRY+Z8f9d9tsdOX3UHHfCUoNIIGPVsAAan/c9CPKlaqCbARtLJQJxlci2QmQvz4C1m0q7P7lPO1GIVlwolKYSwOe1EdY/sGHF/tp2N/KmFurCdCK4Jko+kvQTj2lmS~-1~-1~-1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
accept-language: en-US,en;q=0.5
content-length: 262
content-type: application/x-www-form-urlencoded
* We are completely uploaded and fine
< HTTP/2 403
< mime-version: 1.0
< content-type: text/html
< content-length: 334
< expires: Mon, 23 May 2022 17:33:30 GMT
< x-reference-error: 18.b1c33d17.1653327210.4d9dfd5
< date: Mon, 23 May 2022 17:33:30 GMT
< strict-transport-security: max-age=31536000
<
The second request lacks the [84] => 3, then also Found bundle for host apps.irs.gov: 0x564a9448dcc0 [can multiplex]. Please refer to the official documentation; since 2021-12-16 one can download the revocation data in bulk, e.g.:
https://www.irs.gov/charities-non-profits/tax-exempt-organization-search-bulk-data-downloads
...or parse the updates they might mail.
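Added example, not code from the question or the answer: the option dumps above use libcurl's numeric option ids, which makes a missing entry such as [84] easy to overlook. This sketch names the ids from the constants that PHP's curl extension defines and diffs two dumps; the function names are hypothetical and the two arrays hold only the scalar options copied from the dumps.

```php
<?php
// Map numeric curl option ids back to their CURLOPT_* names.
// Needs ext-curl for the constant table only; no request is made.
function curl_option_names(): array
{
    $names = [];
    foreach (get_defined_constants(true)['curl'] ?? [] as $name => $value) {
        if (strncmp($name, 'CURLOPT_', 8) === 0) {
            $names[$value][] = $name; // aliases share one number
        }
    }
    return $names;
}

// Report every option that is set on one side only or set to different values.
function diff_curl_options(array $a, array $b): array
{
    $names  = curl_option_names();
    $report = [];
    foreach (array_unique(array_merge(array_keys($a), array_keys($b))) as $id) {
        $inA = array_key_exists($id, $a);
        $inB = array_key_exists($id, $b);
        if ($inA && $inB && $a[$id] === $b[$id]) {
            continue; // identical on both systems
        }
        $label = implode('|', $names[$id] ?? ["option $id"]);
        $report[$label] = [
            $inA ? json_encode($a[$id]) : '(unset)',
            $inB ? json_encode($b[$id]) : '(unset)',
        ];
    }
    return $report;
}

// Scalar options copied from the "Working" and "Failing" dumps above
// (URL, headers, cookie file and POST body left out).
$working = [19913 => 1, 52 => 1, 113 => 1, 84 => 3, 41 => 1, 47 => 1];
$failing = [19913 => 1, 52 => 1, 113 => 1, 41 => 1, 47 => 1];

foreach (diff_curl_options($working, $failing) as $option => [$w, $f]) {
    // Option 84 is CURLOPT_HTTP_VERSION; the value 3 is CURL_HTTP_VERSION_2_0.
    echo "$option: working=$w failing=$f\n";
}
```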

Authorization not found In Php 8

Authorization is not found when using the code below in PHP 8 (XAMPP); it works in PHP 7 (XAMPP).
Undefined Authorization key.
require "../vendor_big/autoload.php";
use \Firebase\JWT\JWT;
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
require $_SERVER['DOCUMENT_ROOT'].'/db.php';
$data = (json_decode(file_get_contents("php://input"), true));
$authHeader = apache_request_headers();
// print_r($authHeader);
$secret_key = "bmR0di1zYWxlcy1hcHAtYWR0ZWNoLXJpc2hp";
$jwt = null;
$arr = explode(" ", $authHeader["Authorization"]);
$jwt = $arr[1];
Output:
Array
(
[Host] => localhost:8080
[Connection] => keep-alive
[sec-ch-ua] => " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
[sec-ch-ua-mobile] => ?0
[sec-ch-ua-platform] => "Windows"
[Upgrade-Insecure-Requests] => 1
[User-Agent] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
[Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[Sec-Fetch-Site] => none
[Sec-Fetch-Mode] => navigate
[Sec-Fetch-User] => ?1
[Sec-Fetch-Dest] => document
[Accept-Encoding] => gzip, deflate, br
[Accept-Language] => en-US,en;q=0.9
)
How to get authorization?
A related table was not found in the database. Once all tables were added, this issue no longer appeared.
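Added example, not code from any of the posts: the first question on this page and the PHP 8 question above both index the Authorization key directly, which raises an undefined-index error when the header is absent, arrives under a different letter case, or is only exposed as a server variable. The sketch below checks each location and accepts only a Bearer credential; the function names and sample arrays are constructed for illustration, and it assumes the client uses the Bearer scheme.

```php
<?php
function find_authorization_header(array $server, ?array $headers = null): ?string
{
    // Present when the web server forwards the header into the request
    // environment; after an Apache internal redirect the same variable is
    // renamed with a REDIRECT_ prefix.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Fall back to getallheaders(). Header names are case-insensitive, so
    // compare in lower case instead of indexing ["Authorization"].
    if ($headers === null && function_exists('getallheaders')) {
        $headers = getallheaders() ?: [];
    }
    foreach ($headers ?? [] as $name => $value) {
        if (strtolower($name) === 'authorization') {
            return trim($value);
        }
    }
    return null; // header not sent, or removed before PHP saw it
}

function bearer_token(?string $authorization): ?string
{
    // Accept only "Bearer <token>" with the token characters of RFC 6750.
    if ($authorization !== null
        && preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', $authorization, $m)) {
        return $m[1];
    }
    return null;
}

// Constructed samples standing in for $_SERVER and getallheaders().
$samples = [
    'server variable' => [['HTTP_AUTHORIZATION' => 'Bearer abc.def.ghi'], []],
    'after redirect'  => [['REDIRECT_HTTP_AUTHORIZATION' => 'bearer abc.def.ghi'], []],
    'lower-case key'  => [[], ['authorization' => 'Bearer abc.def.ghi']],
    'header missing'  => [[], ['Host' => 'localhost:8080']],
    'wrong scheme'    => [['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], []],
];
foreach ($samples as $label => [$server, $headers]) {
    $token = bearer_token(find_authorization_header($server, $headers));
    printf("%-16s %s\n", $label, $token ?? '(no bearer token: respond 401)');
}
```

In a request handler the call is bearer_token(find_authorization_header($_SERVER)); a null result should end the request with 401 before any token parsing is attempted.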

Accessing a custom header in the API

I am sending a custom header to an API that I control using an AJAX call made via AngularJS.
Client (AngularJS)
var authorization_token = 'qwerty';
var custom_token_value = 'abc123';
$http.get('http://api.mywebsite.com/endpoint',{ headers:{'Auth':authorization_token,'Custom_Header':custom_token_value} }).then(function(res){
console.log(res.data);
});
Server (PHP 5.6)
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE');
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Auth, Custom_Header");
$headers = getallheaders();
print_r($headers);
Response
Array
(
[Accept-Language] => en-US,en;q=0.9
[Accept-Encoding] => gzip, deflate
[Referer] => http://localhost:8080/
[Auth] => qwerty
[User-Agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36
[Origin] => http://localhost:8080
[Accept] => application/json, text/plain, */*
[Connection] => close
[Host] => api.mywebsite.com
)
Why am I not able to see Custom_Header?
For anyone having this issue, after some trial and error I've discovered that the reason Custom_Header was not showing up is because it contained an _ (underscore) character. Underscore characters apparently get dropped from header keys.
More info here: Why underscores are forbidden in HTTP header names

get value of http request headers in php

I am sending a custom header in an AJAX call:
$.ajaxSetup( {
data: {csrf_token : csrf},
headers: {"Csrf_token" : csrf}
});
Below is the content I see in the request headers:
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Content-Length:325
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:ci_session=kd817592v16s0p5b2f502hg39rs7olnu; csrf_cookie=22a1c908f3f036c90c2d0bf0f9b19497
Csrf_token:22a1c908f3f036c90c2d0bf0f9b19497
Host:testurl.com
Origin:http://testurl.com
Pragma:no-cache
Referer:http://testurl.com/xxx
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
X-Requested-With:XMLHttpRequest
But when I print this in PHP it only returns the below; I could not see my custom header "Csrf_token":
Array
(
[X-Forwarded-For] => 57.73.33.1
[Cookie] => ci_session=kd817592v16s0p5b2f502hg39rs7olnu; csrf_cookie=22a1c908f3f036c90c2d0bf0f9b19497
[Accept-Language] => en-GB,en-US;q=0.8,en;q=0.6
[Accept-Encoding] => gzip, deflate
[Referer] => http://testurl.com/xxx
[X-Requested-With] => XMLHttpRequest
[Accept] => */*
[Content-Type] => application/x-www-form-urlencoded; charset=UTF-8
[User-Agent] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
[Origin] => http://testurl.com
[Cache-Control] => no-cache
[Pragma] => no-cache
[Content-Length] => 325
[Connection] => close
[Host] => testurl.com
)
How can I get that custom header in PHP? I am using CodeIgniter.
I only got output with the below:
$.ajaxSetup( {
data: {csrf_token : csrf},
headers: {"csrf-token" : csrf, "csrf_token1" : csrf}
});
It will not print values with _ in the name but can print those with - in the name.
Csrf-Token : "22a1c908f3f036werc90c2d0bf0f9b19497"
Use this
$headers = $this->input->request_headers();
link : https://www.codeigniter.com/user_guide/libraries/input.html#CI_Input::get_request_header

Ajax setRequestHeader, i can't get values on the server side

I am sending request header using XMLHttpRequest :
liveXhr.open("GET", url, true);
liveXhr.setRequestHeader("keychain_id", signatureKEYCHAINID);
liveXhr.setRequestHeader("timestamp", signatureTS);
liveXhr.setRequestHeader("signature", signature);
liveXhr.send();
On my localhost everything is fine. When I log:
error_log(print_r(apache_request_headers(), true));
I have this :
[Host] => localhost
[Connection] => keep-alive
[Pragma] => no-cache
[Cache-Control] => no-cache
[timestamp] => 1478279032
[signature] => abcd
[keychain_id] => abcd
[User-Agent] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 ( KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
[Content-Type] => text/plain
I can get the values for timestamp, signature, keychain_id
On my preprod server for the same process :
...
[Access-Control-Request-Headers] => keychain_id, signature, timestamp
...
I can't get the values of timestamp, signature, keychain_id.
Is it an Apache setting concern or something else?
Try:
//array
$requestHeaders = apache_request_headers();
//get array item by name
$keyChainId = $requestHeaders['keychain_id'];
$timestamp = $requestHeaders['timestamp'];
$signature = $requestHeaders['signature'];
//print items
echo "- keychain_id = $keyChainId";
echo "\n- timestamp = $timestamp";
echo "\n- signature = $signature";
[Edited]
Try:
//not underscore
liveXhr.setRequestHeader("keychainid", KEYCHAINID);
...
//prefix HTTP_
var_dump($_SERVER['HTTP_TIMESTAMP']);
var_dump($_SERVER['HTTP_SIGNATURE']);
var_dump($_SERVER['HTTP_KEYCHAINID']);
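Added example, not code from any of the posts: the Custom_Header, Csrf_token and keychain_id questions above all come down to how a header name is turned into a $_SERVER key. The sketch shows that a hyphenated and an underscored spelling land in the same key, and what PHP receives when a front end discards names containing an underscore. All function names are hypothetical, the header values are constructed, and the drop behaviour is modelled by a flag rather than taken from a particular server.

```php
<?php
// CGI convention (RFC 3875): upper-case the name, turn "-" into "_", prefix "HTTP_".
function cgi_variable_name(string $headerName): string
{
    return 'HTTP_' . strtoupper(str_replace('-', '_', $headerName));
}

// Group header names that end up in the same $_SERVER key.
function colliding_header_names(array $headerNames): array
{
    $byVariable = [];
    foreach ($headerNames as $name) {
        $byVariable[cgi_variable_name($name)][] = $name;
    }
    return array_filter($byVariable, fn(array $names) => count($names) > 1);
}

// Model of what PHP receives. $dropUnderscoreNames imitates a front end that
// discards header names containing "_" (an assumption about the deployment).
function build_server_vars(array $headerLines, bool $dropUnderscoreNames): array
{
    $vars = [];
    foreach ($headerLines as [$name, $value]) {
        if ($dropUnderscoreNames && strpos($name, '_') !== false) {
            continue;
        }
        $vars[cgi_variable_name($name)] = $value; // a later header overwrites an earlier one
    }
    return $vars;
}

// Constructed sample built from the header names used in the questions above.
$sent = [
    ['Csrf-Token',  'value-from-hyphen-header'],
    ['Csrf_token',  'value-from-underscore-header'],
    ['keychain_id', 'abcd'],
    ['timestamp',   '1478279032'],
];

echo "names that share one \$_SERVER key:\n";
print_r(colliding_header_names(array_column($sent, 0)));

foreach ([false, true] as $drop) {
    echo $drop ? "underscore names dropped:\n" : "underscore names passed through:\n";
    foreach (build_server_vars($sent, $drop) as $key => $value) {
        echo "  $key => $value\n";
    }
}
```

With the names passed through, the application cannot tell which spelling supplied HTTP_CSRF_TOKEN; with them dropped, only the hyphenated header and timestamp survive, which matches the advice in the answers to send csrf-token and keychainid instead.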
