Marco Gasi
asked on
Can't get custom http headers
Hi everybody.
I'm writing the php backend for an Android native app developed by another team.
They are sending to the server in the http headers the value of user_token but I'm not able to get it. I used getllheaders() functions but it doesn't return it.
I have added to .htaccess following lines:
I performed several tests using https://www.hurl.it/ but with no success (
I really don't know how to solve this issue: any idea?
Thank you
I'm writing the php backend for an Android native app developed by another team.
They are sending to the server in the http headers the value of user_token but I'm not able to get it. I used getllheaders() functions but it doesn't return it.
I have added to .htaccess following lines:
RewriteEngine on
RewriteRule .? - [E=user_token:%{HTTP:user_token}]
and then tried to find the value in the superglobal $_SERVER. the index is present but it is empty.I performed several tests using https://www.hurl.it/ but with no success (
I really don't know how to solve this issue: any idea?
Thank you
If they're sending values via HTTP headers, then you shouldn't need the .htaccess. HTTP headers will automatically come through in $_SERVER. Trying removing the .htaccess file from the equation.
ASKER
Hello gr8gonzo. I tried (and I have already tried): my custom header is missing. If I add the htaccess it is present but empty, probably because of the htaccess.
It looks like my custom header is totally ignored and I confess I don't know anything about this so I can't guess what is the issue. I read about CORS, but in my script there is no meta tag at all, just plain php...
It looks like my custom header is totally ignored and I confess I don't know anything about this so I can't guess what is the issue. I read about CORS, but in my script there is no meta tag at all, just plain php...
I would write a PHP test page that sets your custom header with the PHP 'header' command and see if it comes thru. If it does and you're not getting it from the app, then maybe they need to show you that it exists.
If it's not there without the .htaccess, then it's not being sent. The fact that the .htaccess makes an empty header appear just reinforces this - the .htaccess is adding a header but it has no source value, so the entry is empty.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Looks like Julian and I were on the same page but he beat me to the punch with the reflection script.
ASKER
Thank you guys. I'll try your scripts. Using https://www.hurl.it/ with a my test script in another domain, everything works fine. So in the domain of my client there is something which is blocking custom headers.
Now the questions: where do I have to look for? In the main htaccess in the web root? Or Do I have to check if Php is installed as Apache extension or CGI script? Or something else?
Now the questions: where do I have to look for? In the main htaccess in the web root? Or Do I have to check if Php is installed as Apache extension or CGI script? Or something else?
Could be a variety of sources. I would just follow the path of the request:
www.hurl.it
--> recipient IP receiver (router / firewall)
--> possible software firewall on the server hosting Apache
--> Apache main config (any directives that might strip out headers or rewrite the request)
--> Apache plugins (any security plugins / modules that might adjust headers)
--> .htaccess file
--> PHP code that might run before yours
Without knowing the infrastructure, it's hard to say for sure what places to look. However, I will say that it's far more likely that the request is being intercepted and rewritten/rerouted to the final location than it is for the headers to simply be stripped out.
I would personally use a network script or application for sending the HTTP requests instead of hurl.it, so you can use a proxy like Fiddler to watch the traffic and see if the request is being redirected somewhere along the line.
www.hurl.it
--> recipient IP receiver (router / firewall)
--> possible software firewall on the server hosting Apache
--> Apache main config (any directives that might strip out headers or rewrite the request)
--> Apache plugins (any security plugins / modules that might adjust headers)
--> .htaccess file
--> PHP code that might run before yours
Without knowing the infrastructure, it's hard to say for sure what places to look. However, I will say that it's far more likely that the request is being intercepted and rewritten/rerouted to the final location than it is for the headers to simply be stripped out.
I would personally use a network script or application for sending the HTTP requests instead of hurl.it, so you can use a proxy like Fiddler to watch the traffic and see if the request is being redirected somewhere along the line.
ASKER
The hyphen vs underscore was the origin of my issue! Thank you gr8gonzo for having pointed it out. And thanks to Julian for his good script, I'm sure I'll use it soon or later :)