-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authenticator misinterpretation of "authorization" header #105
Comments
It seems this code is somehow failing. Header names are case insensitive. Changing the header to lowercase should not affect anything. I will setup a test case and see what is happening. |
This seems to be an issue with In other words quick workaround at the moment is:
|
Thanks for your research, the workaround fixes my problem for now. Do you already have created an issue for this in the |
I did. It is the slimphp/Slim-Psr7#188. |
This has been fixed in slimphp/Slim-Psr7#195 |
Hey,
I work with Slim 4.7 and slim-basic-auth 3.3 and realize a Basic Auth Authentification with a custom authenticator:
middleware.php
authenticator.php
I have the following problem:
When I request a secured endpoint with the HTTP Header "Authentication: Basic ..." the arguments "user" and "password" in the
$arguments
variable of the Authenticator__invoke
method are interpreted and used correctly.When I access the endpoint from a JS frontend with
fetch
, which converts the custom HTTP Headers to lowercase, like "authentication: Basic ...", the request get rejected all the time.I logged the
$arguments
input in the__invoke
method and see a difference:Even without
fetch
and JS the problem can easily reproduced with CURL by changing the spelling of "Authentication" to "authentication" as the HTTP Header field.I am not using multiple users in authentication.
Has anyone an idea where this behavior is coming from or how I can workaround/fix it?
Regards
The text was updated successfully, but these errors were encountered: