{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 别忘想泡老子 的问题《Server removes custom HTTP header fields》','https://www.manongdao.com/q-769580.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've been trying to receive HTTP requests with custom fields in the headers but it seems like my server removes them...
This is the request that I am sending to the server (I read that request with a HTTP Proxy) :
POST /oauth.php/request_token HTTP/1.1
Host: domain.com
User-Agent: DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
Authorization: OAuth realm="", oauth_consumer_key="ebb942f0d260b06cb533c6133c28408004d343197", oauth_signature_method="HMAC-SHA1", oauth_signature="qPBFAa8XRRbor2%2F%2FQXv6kU3%2F7jU%3D", oauth_timestamp="1295278460", oauth_nonce="E7D6AC76-74CE-4951-8182-7EBF9B382E7E", oauth_version="1.0"
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Pragma: no-cache
Content-Length: 0
Connection: keep-alive
Proxy-Connection: keep-alive
I printed the headers of the request when I arrive on my page.php. I see that :
uri http://domain.com/oauth.php/request_token
parameters
headers Array
.... Accept : */*
.... Accept-Encoding : gzip, deflate
.... Accept-Language : en-us
.... Connection : keep-alive
.... Host : domain.com
.... User-Agent : DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
method POST
when I should be seeing that (it is working on a local version)
uri http://localhost:8888/oauth.php/request_token
parameters
headers Array
.... Accept : */*
.... Accept-Encoding : gzip, deflate
.... Accept-Language : en-us
.... Authorization : OAuth realm="", oauth_consumer_key="582d95bd45d455fa2e5819f88fc0c5a104d2c7ff3", oauth_signature_method="HMAC-SHA1", oauth_signature="agPSFdtlGxXv2sbrz3pRjHlROOE%3D", oauth_timestamp="1295272680", oauth_nonce="667A133C-5071-48AB-9F13-8146425E46B7", oauth_version="1.0"
.... Connection : keep-alive
.... Content-Length : 0
.... Host : localhost:8888
.... User-Agent : DearStranger/1.0 CFNetwork/485.12.7 Darwin/10.6.0
method POST
I am using php 5.2.17 on the server.
Do you have any idea to help me fix that issue?
Thanks!
Please include the actual names of the headers that are being cut. This question is useless in its present form, forcing us to guess...
Have you checked with Firebug/HTTPFox that your browser's actually sending those headers? Unless you've specifically configured the server to clean up the headers, it's going to pass-through any custom ones as-is.
The Authorization header, which is where the OAuth data gets sent, would ONLY be sent by a client in response to a server-side 401 "authorization required" request. If you haven't added the server-side "must have password to get in" configuration, the client's not going to send auth info.
Actually, there is a pretty easy fix. The fault lays with fastcgi. You can just provide an .htaccess file with a rewrite rule to save the header.
Credit goes here: https://drupal.org/node/1365168
They also talk about an even simpler solution to let these headers pass through, if you are using a virtual host.
Apache strips the Authentication header because it's a security risk, when used with CGI. Are you using PHP through CGI?
I think PHP also strips Authentication in some circumstances. Again, there's a risk that exposing it to scripts will allow one users' code to sniff other users' on the same server (e.g., if Alice and Bob both have accounts).