I have this function for Basic Authorization for my API.
private function authorize() {
$headers = apache_request_headers();
if(isset($headers['Authorization'])){
if ($headers['Authorization'] == '14abd57ece42d9489aeae6e1865064751') { //'akif&&nadeem'
return true;
}
}
return false;
}
It works well on my API domain domain.com/api/actionname
But it does not work [Fails Authorization] when I try to access my API via a Sub Domain subdomain.domain.com/api/actionname
All code is correctly in place and API is performing perfectly without Authorization. Any idea how can I fix this?
Output of the Headers is as follows:
array(9) {
["Host"]=>
string(24) "ultimate.bleupage.online"
["Connection"]=>
string(10) "keep-alive"
["User-Agent"]=>
string(115) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
["Cache-Control"]=>
string(8) "no-cache"
["Postman-Token"]=>
string(36) "6330a309-ffcf-d72e-936a-bf10ff154d45"
["Accept"]=>
string(3) "*/*"
["Accept-Encoding"]=>
string(13) "gzip, deflate"
["Accept-Language"]=>
string(26) "en-GB,en-US;q=0.8,en;q=0.6"
["Cookie"]=>
string(36) "PHPSESSID=p2m0cc7sq7kn8fk2motvrobnn4"
}
Try using some other parameter key than Authorization, like Auth, because sometimes Apache filters away the Authorization header you can get more info here Apache 2.4 + PHP-FPM and Authorization headers.
which you can access, like this(with $_SERVER):
$_SERVER['HTTP_AUTH']
Or Like this(with apache_request_headers):
apache_request_headers()['Auth'];