How to capture the Header of a PHP Curl request?

Asked

Viewed 134 times

0

I’m setting up a local Rest API for testing and learning how to authenticate via Headers, so I have 2 files that will interact:

1: Client.php

$DadosArray = array();
$DadosArray["item"] = "1234";
$DadosArray["descricao"] = "Pedido teste";
$DadosArray["valor"] = "4321";

$buildQuery = json_encode($DadosArray);

$curl = curl_init("http://localhost/Server.php");
curl_setopt(
    $curl,
    CURLOPT_HTTPHEADER,
    array(
        "Authorization: 5a7753536b62545a6a684b",
        "Content-Type: application/json"
    )
);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $buildQuery);
curl_setopt($curl, CURLOPT_VERBOSE, true);

$retorno = curl_exec($curl);

curl_close($curl);

2: Server.php

$input_data = file_get_contents("php://input");

file_put_contents("Server.log", print_r($input_data , true));

I am writing in a log file the received content on the server and the result is

{"item": "1234","descricao":"Pedido teste","valor":"4321"}

So far so good I can receive the data, but I wanted to know if I can authenticate the TOKEN coming from "Authorization" that is inside the "CURLOPT_HTTPHEADER", because it does not appear in the json data

I understand that the header should not be part of the json, but I have no idea how I can access it.

I searched the web and found enough content to consume Apis with Curl, but none of them showed me how the server side works on authentication.

I could send the token to the json client, but I don’t think it’s good practice, I wanted to do something a little better.

I would like if possible not to use external components or classes.

1 answer

2


Use the variables $_SERVER['HTTP_*'] to get the headers in case:

$input_data = file_get_contents("php://input");

$authorization = $_SERVER['HTTP_AUTHORIZATION'];

You can also use the function getallheaders() (is a nickname for function apache_request_headers())

It should look something like:

$headers = getallheaders();

var_dump($headers['Authorization']);

In some cases, such as apache, it is necessary to configure in . htaccess something like:

RewriteRule . - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  • 1

    Guilherme, I managed using the '$headers = getallheaders();' 10 for you! Just commenting, I do not know why they gave negative note because I explained in the text that I did not find or understood solution in the research I did, but each one... I just think that these negative votes end up taking the credibility of the solution found in the case yours. the subject has indeed been resolved and serves for future research.

  • It is worth mentioning that this suggestion did not work for me: RewriteRule . - [e=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

  • @Marcelo is using Apache and has a .htaccess? Saying it doesn’t work for me doesn’t help at all to help you. You have to explain. Thank you for understanding.

  • um... you quoted the . htaccess in the answer so I figured that putting only this would be enough to deduce that I use . htaccess, reading on the web saw that the option could be "Rewriterule . - [HTTP_AUTHORIZATION:%{HTTP:Authorization}]" without the "e=", but I looked for curiosity since the "getallheaders" function worked. Then calmly try again . htaccess

  • @Marcelo may have been that I wrote wrong, I don’t remember if the flags in rewriterule are case-sensitive or insensitive, can use [E] or [env], I just don’t know if [e] minusculo works, as I wrote the rule in haste I ended up typing like this, when it should be [E], but it can also be error in your current htaccess. Then I’ll confirm to you.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.