我正在使用 Lumen 框架在 API 中实现身份验证。我在本地主机上的 header 中传递 api_token ,它工作正常。在Linux服务器上上传时,它在api_token header 中给出空值。我正在使用 postman 来检查回复
这是我的 AuthMiddleware@handle 代码,用于检查该值。
echo $request->header("api_token");
我大部分时间都在谷歌上搜索,发现需要进行 public/.htaccess 更改,但对我来说不起作用。
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
在我的 .htaccess 的末尾
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
我不知道如何配置 apache2 的请求 header 。
最佳答案
请求 header 键应避免使用下划线。 连字符 更常见,您应该将请求 header 键重命名为api-token。根据Apache 2.4 new features :
Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)
关于.htaccess - Lumen 从请求中获取 header key ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47845778/