Skip to content

Commit

Permalink
Allow lowercase Authorization header
Browse files Browse the repository at this point in the history 
Other headers were accepted as lowercase (including Zotero-API-Key), but
not Authorization

Fixes #27
  • Loading branch information
@dstillman @uniuuu
dstillman authored and uniuuu committed May 7, 2023
1 parent 28a234e commit c669ab0
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions controllers/ApiController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -212,10 +212,13 @@ public function init($extra) {
// other than Basic/Digest, so use an Apache-specific method to get the header
if (!$key && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
if (isset($headers['Authorization']) || isset($headers['authorization'])) {
$val = isset($headers['Authorization'])
? $headers['Authorization']
: $headers['authorization'];
// Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else
if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) {
if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) {
if (preg_match('/^bearer/i', $val, $matches)) {
if (preg_match('/^bearer +([a-z0-9]+)$/i', $val, $matches)) {
$key = $matches[1];
}
else {
Expand Down

0 comments on commit c669ab0

Please sign in to comment.