We run in some trouble while Apache strip the `Authorization` header since version 2.4.13. You have to add `SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1` to your `.htaccess to` enable it.