PHP does not see Authorization header

While implementing a micropub token endpoint I noticed that I was unable to access the value of an HTTP Authorization header - $_SERVER did not include it.

$ curl -H 'Authorization: Bearer wolf' 127.0.0.1/dumpserver.php |grep -i auth
$

It turns out that you have to pass the header on manually, e.g. by adding the following line to your .htaccess file:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

$ curl -H 'Authorization: Bearer wolf' 127.0.0.1/dumpserver.php |grep -i auth
  'HTTP_AUTHORIZATION' => string 'Bearer wolf'(length=11)
$

Alternatively you may use mod_rewrite:

RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

FastCGI

When Apache talks to PHP via FastCGI, the Authorization header is available as REDIRECT_HTTP_AUTHORIZATION. There is no way to get rid of the REDIRECT_ prefix; your code has to check both variants.
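
One way to check both variants and pull out a bearer token, as an added example that is not code from the original post. The function names getAuthorizationHeader() and getBearerToken() are hypothetical, and the sample arrays are constructed stand-ins for $_SERVER.

```php
<?php
declare(strict_types=1);

/**
 * Return the raw Authorization header value, or null if it is absent.
 * (Hypothetical helper name, chosen for this example.)
 */
function getAuthorizationHeader(array $server): ?string
{
    // Plain variable first, then the REDIRECT_-prefixed one seen under FastCGI.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            return trim($server[$key]);
        }
    }
    return null;
}

/**
 * Extract the token from "Bearer <token>"; null for any other input.
 */
function getBearerToken(array $server): ?string
{
    $header = getAuthorizationHeader($server);
    if ($header === null) {
        return null;
    }
    // The scheme name is case-insensitive; the token charset follows
    // the b64token rule from RFC 6750.
    if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed sample inputs standing in for $_SERVER.
$samples = [
    'SetEnvIf/mod_rewrite' => ['HTTP_AUTHORIZATION' => 'Bearer wolf'],
    'FastCGI'              => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer wolf'],
    'header missing'       => [],
    'other scheme'         => ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'],
];
foreach ($samples as $label => $server) {
    printf("%-22s %s\n", $label, var_export(getBearerToken($server), true));
}
```

In a token endpoint, treat a null result as unauthenticated and answer with 401 rather than falling through to the protected code path.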

Written by Christian Weiske.