Facebook
Twitter
rabrowne85
New Pleskian
Hi All,
I've been struggling with this issue for the last two days and I've concluded that this a server configuration issue.
I have a Laravel application running on my server which serves a simple API. I'm trying to use a personal access token in postman to access the endpoint passing it as a bearer token in the header:
However, the application is not seeing the token. I have setup a simple endpoint api/test that responds with the bearer token that it sees. Presently, with everything I've tried thus far, I keep getting null returned.
The server config is as follows:
I have tried solutions from:
Question - Empty Authorization header on PHP with nginx
How to pass authentication headers in PHP on a Fast-CGI enabled server - xneelo Help Centre
Apache 2.4 + PHP-FPM and Authorization headers
Send additional HTTP headers to Nginx’s FastCGI
All of which have had no improvement. I've tried turning things on/off, changing how the php application is served, with no improvement.
I added the log_forensic module into the configuration and logged the requests to file. This indicated that the Authorization header was being stripped before the logger was seeing it - i.e. the header was missing from each request in the log file.
Does anyone have any ideas what I need to change for this to work? Any and all help would be appreciated.
Many thanks in advance.
I've been struggling with this issue for the last two days and I've concluded that this a server configuration issue.
I have a Laravel application running on my server which serves a simple API. I'm trying to use a personal access token in postman to access the endpoint passing it as a bearer token in the header:
Code:
Authorization: Bearer {{API_KEY}}However, the application is not seeing the token. I have setup a simple endpoint api/test that responds with the bearer token that it sees. Presently, with everything I've tried thus far, I keep getting null returned.
The server config is as follows:
- PHP 8.1.3 run as FPM application served by nginx
- CGI Support OFF
- FastCGI support OFF
- SSI Support OFF
- Additional nginx directives:
Code:
proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization;- Nginx settings:
- Proxy mode ON
- Smart static files processing ON
- Serve static files directly by nginx OFF
- Enbale nginx caching OFF
Code:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>I have tried solutions from:
Question - Empty Authorization header on PHP with nginx
How to pass authentication headers in PHP on a Fast-CGI enabled server - xneelo Help Centre
Apache 2.4 + PHP-FPM and Authorization headers
Send additional HTTP headers to Nginx’s FastCGI
All of which have had no improvement. I've tried turning things on/off, changing how the php application is served, with no improvement.
I added the log_forensic module into the configuration and logged the requests to file. This indicated that the Authorization header was being stripped before the logger was seeing it - i.e. the header was missing from each request in the log file.
Does anyone have any ideas what I need to change for this to work? Any and all help would be appreciated.
Many thanks in advance.
