Cphalcon: [BUG] missing custom header in output from request->getHeaders()

Created on 3 Apr 2014 · 23Comments · Source: phalcon/cphalcon

Array returned from native php functions getallheaders() and apache_request_headers() contains item "Authorization" (header injected via angular), but output from $this->request->getHeaders() don't.
Expected result: request->getHeaders() should return all available headers

Tested on: phalcon 1.3.0, Apache/2.4.4 (Win32) PHP/5.4.16

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

bug stale medium

Source

zdenekgebauer

Most helpful comment

The implementation seems to be correct. The implementation also happens to be very similart to Zend Framework's implementation as well.

The Issue seems to be that the users are using PHP as a CGI/FastCGI. We will need to do some .htaccess magic in order for it to appear in request->getHeaders();

Something like this maybe? -

# On .htaccess
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # Authorization will now be returned by getHeaders()

The reason why getAllHeaders() works is because it actually calls an Apache function to get all the headers. One thing we need to take into account is that not everyone uses Apache as their server! While I haven't tried this, I would imagine this would be an issue in say NGINX or even IIS.

I guess there are two ways we can go about addressing this "bug" -

Check if apache_request_headers() returns anything, then use that otherwise use _SERVER with keys starting with HTTP_ (current implementation).
Update the documentation stating that if you want to capture custom headers, you will need to update .htaccess

I prefer the second option because of the reasons stated above.

References -
Zend implementation - https://github.com/zendframework/zend-xmlrpc/blob/master/src/Request/Http.php#L81

Phalcon implementation - https://github.com/phalcon/cphalcon/blob/2.1.x/phalcon/http/request.zep#L791

rahuldroy on 10 Jun 2016

👍2

All 23 comments

same problem on phalcon 1.3.1, Apache/2.4.4 (Win32) PHP/5.4.16

zdenekgebauer on 3 Apr 2014

Same problem.

But $_SERVER['PHP_AUTH_USER'] and $req->getBasicAuth() work.

ghost on 3 Apr 2014

Same here, phalcon 1.3.1 ,Apache/2.2.22 , Ubuntu

chrobakos on 4 Jun 2014

Any update on this? I got the same issue

Phalcon 1.3.0, PHP 5.4.8, Apache/2.2.26, Mac 10.9.3

nazieb on 20 Jun 2014

I used php's getallheaders() instead

chrobakos on 20 Jun 2014

Same problem here with Phalcon 1.3.2, PHP 5.4.12, Apache/2.4.4, Win7

MickaelViaud on 15 Jul 2014

Wasted 2 days, missed deliverable date because of this minor tiny issue.....

No updates?

smorhaim on 18 Sep 2014

I am so happy to search the method getHeader() before using it and wasting days. when will this be fixed?

AndreBaumeier on 22 Sep 2014

rzajac on 6 Oct 2014

robertsmolarek on 23 Oct 2014

Be aware, the above pull-request is for v2.0.0

rianorie on 9 Nov 2014

renhyl on 7 Jan 2015

btw $app->request->getHeader() does not grab custom header too.

renhyl on 7 Jan 2015

if your header is: X-SOMETHING-ELSE you can get it with $app->request->getHeader('HTTP_X_SOMETHING_ELSE');

dragosdm on 30 Jan 2015

me too same problem with Phalcon 1.3.2

santosh-x on 5 Mar 2015

phalcon 2.0.0 too

w3yyb on 11 May 2015

Phalcon 2.0.10 is affected too.
IMHO Request->getHeaders() should simply return getallheaders()

Any good reason for header checks in Request->getHeader() ?

nask0 on 29 Mar 2016

👍2

I confirm that Phalcon 2.0.10 is affected as well!
Imho this needs a quick fix!

micheleangioni on 20 Apr 2016

The implementation seems to be correct. The implementation also happens to be very similart to Zend Framework's implementation as well.

The Issue seems to be that the users are using PHP as a CGI/FastCGI. We will need to do some .htaccess magic in order for it to appear in request->getHeaders();

Something like this maybe? -

# On .htaccess
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # Authorization will now be returned by getHeaders()

I guess there are two ways we can go about addressing this "bug" -

Check if apache_request_headers() returns anything, then use that otherwise use _SERVER with keys starting with HTTP_ (current implementation).
Update the documentation stating that if you want to capture custom headers, you will need to update .htaccess

I prefer the second option because of the reasons stated above.

References -
Zend implementation - https://github.com/zendframework/zend-xmlrpc/blob/master/src/Request/Http.php#L81

Phalcon implementation - https://github.com/phalcon/cphalcon/blob/2.1.x/phalcon/http/request.zep#L791

rahuldroy on 10 Jun 2016

👍2

@andresgutierrez / @sergeyklay,

Are we going to do some changes for this based on the previous comment?

rahuldroy on 6 Jul 2016

I'll try to sort out

sergeyklay on 6 Jul 2016

@sergeyklay, let me know if I can help in any way

rahuldroy on 6 Jul 2016

Thank you for contributing to this issue. As it has been 90 days since the last activity, we are automatically closing the issue. This is often because the request was already solved in some way and it just wasn't updated or it's no longer applicable. If that's not the case, please feel free to either reopen this issue or open a new one. We will be more than happy to look at it again! You can read more here: https://blog.phalconphp.com/post/github-closing-old-issues