I have the same problem again.
Old post here
I have an Angular app and Slim Framework for the API connection.
Locally it works fine, but when I publish to my website I get the error that my header is not set. But the info in the API testing tool says it's allowed from * IP.
Can someone help me?
Here is a valid token: Basic TyOSZcfBwMC6DR9kbAWeMnPmhF4ohZu2n9LccQEyt6uXNt8PTT
Thx
```php
$app = new \Slim\App(["settings" => $config]);
$container = $app->getContainer();

// Answer CORS preflight (OPTIONS) requests for every route.
$app->options('/{routes:.+}', function ($request, $response, $args) {
    return $response;
});

// Add the CORS headers to every response.
$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, DELETE, PUT');
});

$container['logger'] = function($c) {
    $logger = new \Monolog\Logger('my_logger');
    $file_handler = new \Monolog\Handler\StreamHandler("../../logs/app.log");
    $logger->pushHandler($file_handler);
    return $logger;
};

$app->get('/token', function ($request, $response){
    $db = new DbOperation();

    // This is the branch that fires on the published site.
    if (!$request->hasHeader('Authorization')) {
        return $response->withJson([
            "success"=> false,
            "message" => "Header not set.",
            "textcode"=> "MSG2"
        ], 401);
    }

    $token = $request->getHeader('Authorization');

    if($db->checkToken($token[0])){
        $user = $db->userInfo($token[0]);
        if($db->checkActivate($user['auth_user'])){
            if($db->checkExpired($user['auth_user'])){
                return $response->withJson([
                    "success"=> false,
                    "message" => "The validity of the login has expired. If you have any questions, please contact the administrator..",
                    "textcode"=> "MSG6"
                ], 401);
            } else {
                return $response->withJson(["success"=> true], 200);
            }
        } else {
            return $response->withJson([
                "success"=> false,
                "message" => "This account has not yet been activated.",
                "textcode"=> "MSG8"
            ], 401);
        }
    } else {
        return $response->withJson([
            "success"=> false,
            "message"=>'Invalid token',
            "textcode"=> "MSG1"
        ], 403);
    }
});
```
Answer
Your basic auth credentials do not decode into anything meaningful. PHP tends to silently ignore Authorization headers which it thinks are malformed. Try with something like `Basic dGVzdDp0ZXN0`, which decodes into `test:test`.
A workaround for this has, however, been added to Slim starting from version 3.5.0. Upgrading your Slim installation might also help.
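
The well-formedness check behind this answer, as an added example that is not part of the original answer: Basic credentials are the base64 encoding of `user:password`, so a value that does not decode to text containing a colon is malformed. The function name, its return shape and the requirement that the decoded value be valid UTF-8 are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. The function name and
// return shape are assumptions chosen for illustration.
// Returns ['user' => ..., 'password' => ...] or null if malformed.
function parseBasicAuthorization(string $header): ?array
{
    // "Basic" is case-insensitive; the base64 credentials follow the space(s).
    if (!preg_match('/^Basic +([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
        return null;
    }

    // Strict mode returns false on input that is not valid base64.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false) {
        return null;
    }

    // Assumption of this example: decoded credentials must be valid UTF-8 text ...
    if (preg_match('//u', $decoded) !== 1) {
        return null;
    }
    // ... containing the colon that separates user-id from password.
    if (strpos($decoded, ':') === false) {
        return null;
    }

    // Split on the first colon only: a password may itself contain colons.
    [$user, $password] = explode(':', $decoded, 2);
    return ['user' => $user, 'password' => $password];
}

// Header values quoted on this page: the one from the question and the
// one suggested in the answer.
$samples = [
    'Basic TyOSZcfBwMC6DR9kbAWeMnPmhF4ohZu2n9LccQEyt6uXNt8PTT',
    'Basic dGVzdDp0ZXN0',
];
foreach ($samples as $value) {
    $parsed = parseBasicAuthorization($value);
    // Report the user name only; never echo or log the password.
    echo $value, ' => ', ($parsed === null ? 'malformed' : 'user=' . $parsed['user']), PHP_EOL;
}
```

Running the same check on the client side before a request is sent shows whether an opaque token is being placed under the `Basic` scheme.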