bwaidelich commented on Feb 24, 2022
Shouldn't that be enough: https://github.com/neos/flow-development-collection/blob/19ffef83112b88b05f13ead5cb8534058d452a02/Neos.Flow/Resources/Private/Installer/Distribution/Defaults/Web/.htaccess#L55 ?
2case commented on Feb 25, 2022
No, since that only triggers on `Basic` authentication and not on `Bearer` authentication. Also the destination `$_SERVER` key is different (`HTTP_` vs `REMOTE_` not sure if the flow/neos subsystem triggers on that)
kitsunet commented on Jul 26, 2022
In general I found that the current code for the token from headers is really brittle, it needs to account for Authentication headers being an array, for Basic authentication AND it has no way to know if the Bearer token was actually meant for it. IMHO there should be a way to identify the token to make sure it was actually meant to be a token auth token? Maybe that is fine though as the repo will just return null and we can then ignore the result...
kdambekalns commented on Nov 10, 2022
I can't tell much about this, as I have not been using Apache HTTPD for ages now.
But I would think this is rather an issue with the Apache setup, and as such this package does not need to be changed – except maybe mentioning possible problems in the README?
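
The cases raised in this thread (header values arriving as an array, a `Basic` credential present instead of or next to a `Bearer` one, Apache exposing the header only through `$_SERVER`) can be covered by one tolerant extraction step that returns `null` whenever no Bearer credential is found. This is an added example, not code from this package or from Flow; the function name `extractBearerToken` and the `$_SERVER` fallback keys `HTTP_AUTHORIZATION` and `REDIRECT_HTTP_AUTHORIZATION` are assumptions about the setup.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example, not the package's own code).
 * Returns the Bearer credential of a request, or null if none was sent.
 *
 * @param array<string, string|string[]> $headers parsed request headers
 * @param array<string, mixed> $server typically $_SERVER
 */
function extractBearerToken(array $headers, array $server): ?string
{
    $candidates = [];
    // Header names are case-insensitive; a value may be one string or a list of strings.
    foreach ($headers as $name => $value) {
        if (strcasecmp((string)$name, 'Authorization') === 0) {
            foreach ((array)$value as $line) {
                $candidates[] = $line;
            }
        }
    }
    // Assumed fallbacks for setups where the web server only passes the
    // header on as an environment variable.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key])) {
            $candidates[] = $server[$key];
        }
    }
    foreach ($candidates as $line) {
        // The scheme name is case-insensitive; the token charset follows RFC 6750.
        // Basic credentials and malformed values simply do not match.
        if (is_string($line)
            && preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', trim($line), $m) === 1) {
            return $m[1];
        }
    }
    return null;
}

// Constructed sample inputs: array-valued header, server-variable fallback, Basic only.
var_dump(extractBearerToken(['Authorization' => ['Basic dXNlcjpwYXNz', 'Bearer abc.def-123']], []));
var_dump(extractBearerToken([], ['REDIRECT_HTTP_AUTHORIZATION' => 'bearer tok_456']));
var_dump(extractBearerToken(['authorization' => 'Basic dXNlcjpwYXNz'], []));
```

A returned string is still only a candidate: whether it is a token meant for this package is decided by the repository lookup, which can return null for anything it does not know.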