I had just finished creating a PHP RESTful server and configured my angular client to use Google Plus or my mySQL backend to logon. The needed result of the logon process was an access token that the angular client could pass with it’s RESTful requests to the server so the server to authenticate the user. The access token is supposed to be sent in an HTTP header as you wouldn’t want the access-token shown on a GET URL request. (A RESTful server uses GET, POST, DELETE, and PUT requests.) In Angular, you can set HTTP requests to have a default header called Authorization.
$http.defaults.headers.common['Authorization'] = "Bearer " + this.accessToken;
While figuring out how to obtain this access token on the server, I decided to test this using my GoDaddy account.
I created a test.php file:
then used CURL to pass it a request with the header.
$ curl -X POST -H "application/json" -H "Authorization: Bearer 44444444" -d '{"story": "33"}' //jhtechservices.com/test.php
The results showed everything contained in $_SERVER, but authorization was not there. Researched and researched and found all sorts of possible solutions. In the end, the problem was due to how GoDaddy implements PHP (though, from what I’ve read many providers implement PHP in this way because of how efficient it is). They use FASTCGI. In the past we could turn this off in the cpanel, but no longer. In the end found a great solution at this link: https://drupal.org/node/1365168 in a comment by jobeirne. I added a line to my .htaccess file and now ‘HTTP_AUTHORIZATION’ is in my $_SERVER.
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Pass Authorization headers to an environment variable
RewriteRule .* - [E=HTTP_Authorization:%{HTTP:Authorization}]
I mentioned this to a friend who is developing Docker containers. He commented that these problems would go away with Docker since your development environment becomes your production environment.