-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Basic case-insensitive and PHP_AUTH_USER #33
Comments
According to RFC2617 the authentication scheme is case-insensitive.
PHP itself is quite picky about format of of headers though. What is the problem current behaviour causes you? |
Thanks for the super fast response and the clarification of the RFC. My problem is that I trust the authentication and expect a PHP_AUTH_USER. I double check this now:
You're right. PHP is case sensitive. basic - ❌ PHP_AUTH_USER:
Basic - ✅ PHP_AUTH_USER:
If the standard says that |
You could try to set $app->add(new \Slim\Middleware\HttpBasicAuthentication([
...
"callback" => function ($request, $response, $arguments) {
$_SERVER['PHP_AUTH_USER'] = $arguments['username'];
}
])); That said middleware could actually do that by default if authentication succeeds and |
Good idea. This works for me. Thank you very much. |
Hi,
I have the following code:
If I pass in the header "Authorization: Basic" (upper case B) the authentication is successful and PHP_AUTH_USER is set:
If I pass in the header "Authorization: basic" (lowercase letter b) the authentication is successful and PHP_AUTH_USER is not set.
When I remove the case-insensitive (/i) Regular Expression in HttpBasicAuthentication.php then the authentication with basic (lowercase letter b) fails:
That would be better in my case. I am briefly overflown the RFCs. Basic is always written with (upper case B).
Best regards
Nils
The text was updated successfully, but these errors were encountered: