[#29845] - [4.0] - Token Authentication does not work on cPanel/WHM running PHP 7.3.0 with apache2handler
- Closed
- 30 Jun 2020
- Medium
- Build: staging
- # 29845
Steps to reproduce the issue
Install Joomla 4 Beta 1.
Try to authentication using Bearer Token Header using postman or the tool of your choice on /api/index.php/v1/content/article
Expected result
Should work and display articles JSON (however, this is valid on all API's)
Actual result
You'll see 403 error in return
System information (as much as possible)
PHP 7.3.0
apache2handler
(php-fpm(FastCGI) is disabled)
Joomla 4.1 Beta
Additional comments
Adding the below code to .htaccess file fixes the issue.
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
https://github.com/joomla/joomla-cms/blob/4.0-dev/plugins/api-authentication/token/token.php#L91
I have tried a print_r of both $_SERVER and apache_request_headers() and both appear to NOT have the Authorization header.
This is a default cPanel/WHM with EasyApache 4 setup.
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Title |
|
||||||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-06-30 19:48:03 |
| Closed_By | ⇒ | chetanmadaan |
Got it. so the Hack/fix is really having that line as part of .htaccess. I guess that does it.
Thank You Phil.
I have not tested the changes - but knowing Nic who developed them, he would have tested it on multiple platforms and it has changed since your beta 1 code test - give it a go and report back if the new htaccess fixes your specific issue :-)
Try recently released Joomla 4.0.0 Beta 2 released today which has a new htaccess.txt with the changes from #29303