I am in the process of generating an endpoint that has to be created based off of our clients' vendor specifications. With this the authorization is set as basic in a base64 string of <account>:<username>:<password>.
Using Apache as what the client already has configured on their server, when I post an example to my endpoint with the Authorization Header such as
Authorization: Basic VGVzd<ommitted>HdyZA==Obtained from a Postman Console Log:
GET http://<url>:<port>/itemlookup
Request HeadersAuthorization: Basic VGVzd<ommitted>HdyZA==
User-Agent: PostmanRuntime/7.42.0
Accept: */*
Postman-Token: d43aa0e9-bb40-4c8c-8582-4ca2cc0237c8
Host: <url>:<port>
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
When I create a dump of all of the incoming headers and arguments, the authorization string is not passed from pxp.cgi to the program that it is executing.
I know it is obtainable via the Pvx Web Server but the documentation for the global variables in Apache does not mention authorization anywhere. https://manual.pvxplus.com/PXPLUS/apache/globalvar.htm (https://manual.pvxplus.com/PXPLUS/apache/globalvar.htm)
Is there a way to obtain the authorization information within Apache that is not documented?
Thank you for your assistance!
Apache by default will strip that out.
If you add:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
to your httpd.conf it will put it back so the pxplus programs can see it.
Thank you Devon! Worked like a charm as I was up all last night scratching my head!! I owe you a drink at the next Conference!!
Quote from: Devon Austen on November 19, 2024, 09:38:11 AMApache by default will strip that out.
If you add:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
to your httpd.conf it will put it back so the pxplus programs can see it.
We had to figure this out for our own PxPlus web services. It is documented as part of the Apache configuration for PxPlus Web Services (https://manual.pvxplus.com/?Web%20Services/Overview.htm#configuration).