
Accessing Authorization Header


How do I access the Authorization header of a request with Perl Dancer?

I have tested my client and it is successfully passing the Authorization header, but it does not appear in the request->headers hash. I can get it to show up by simply misspelling it or appending an X- in front, but I'm making an API and would like to use the conventional header to pass the request signature for authentication.


Solution

  • Looks like FastCGI strips the Authorization header, probably because basic HTTP auth is hideously insecure. Not that sending in the username and password over a POST is any better.

    From Plack::Handler::FCGI...

    Most fastcgi configuration does not pass Authorization headers to
    HTTP_AUTHORIZATION environment variable by default for security reasons.
    Authentication middleware such as Plack::Middleware::Auth::Basic or 
    Catalyst::Authentication::Credential::HTTP requires the variable to be set up. 
    Plack::Handler::FCGI supports extracting the Authorization environment variable
    when it is configured that way.
    
    Apache2 with mod_fastcgi:
    --pass-header Authorization
    
    mod_fcgid:
    FcgiPassHeader Authorization
    

    It's also mentioned as a caveat to Plack::Middleware::Auth::Digest.
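
An added example, not from the original answer or from Plack's own code: a minimal PSGI app that tells a header dropped by the FastCGI front end apart from a bad request signature. The `HMAC-SHA256 <key-id>:<hex>` header format, the signed string, and the `demo-key` entry are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed key store; the key id and secret are placeholders.
my %SECRETS = ('demo-key' => 'replace-with-a-real-secret');

# Compare without stopping at the first differing character.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Log the reason server-side only; the client gets a generic 401.
sub deny {
    my ($env, $why) = @_;
    $env->{'psgi.errors'}->print("auth rejected: $why\n");
    return [401, ['Content-Type' => 'text/plain',
                  'WWW-Authenticate' => 'HMAC-SHA256'], ["Unauthorized\n"]];
}

my $app = sub {
    my $env = shift;

    # PSGI exposes the Authorization header as HTTP_AUTHORIZATION. When the
    # FastCGI front end does not pass it, the key is absent from $env.
    my $auth = $env->{HTTP_AUTHORIZATION};
    return deny($env, 'no HTTP_AUTHORIZATION in env; check the FastCGI '
                    . 'pass-header setting') unless defined $auth && length $auth;

    # Hypothetical format: "HMAC-SHA256 <key-id>:<64 hex chars>".
    my ($key_id, $sig) = $auth =~ /\AHMAC-SHA256 ([\w-]+):([0-9a-f]{64})\z/;
    return deny($env, 'malformed Authorization value') unless defined $sig;

    my $secret = $SECRETS{$key_id};
    return deny($env, 'unknown key id') unless defined $secret;

    # Assumed signed string: method and raw request URI only.
    my $expected = hmac_sha256_hex(
        "$env->{REQUEST_METHOD}\n$env->{REQUEST_URI}", $secret);
    return deny($env, 'signature mismatch')
        unless constant_time_eq($sig, $expected);

    return [200, ['Content-Type' => 'text/plain'], ["signature ok\n"]];
};

$app;    # returned to plackup / Plack::Handler::FCGI
```

Because the reason is written to `psgi.errors`, the server log shows whether a 401 came from a missing `HTTP_AUTHORIZATION` (a front-end configuration issue) or from a failed signature check.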