How can I access request headers that don't appear in $_SERVER?

Question

I am attempting to create a REST API in PHP and I'd like to implement an authentication scheme similar to Amazon's S3 approach. This involves setting a custom 'Authorization' header in the request.

I had thought I would be able to access the header with $_SERVER['HTTP_AUTHORIZATION'], but it's nowhere to be found in var_dump($_SERVER). The apache_request_headers() function would solve my problem, but my host implements PHP as CGI, so it's unavailable.

Is there another way I can access the complete request headers in PHP?

Answer 1

There is a fantastic PECL extension that allows for all sorts of HTTP related access. PECL_HTTP and more specifically http://php.net/http and http://php.net/manual/en/function.http-get-request-headers.php.

Answer 2

You'll need to do some mod_rewrite wizardry to get your headers past the CGI barrier, like so:

RewriteEngine on
RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

<?php
    $auth = $_SERVER['HTTP_AUTHORIZATION'];
?>

Note that if you're using mod_rewrite for other purposes, it could end up being $_SERVER['REDIRECT_HTTP_AUTHORIZATION'].

Answer 3

Try

$_ENV['HTTP_AUTHORIZATION']

When using CGI interface instead of Apache Module interface, HTTP headers should be available as environment variables.