请求 Headers 未通过生产

Question

我有一个 Symfony 2.8 API，它提供数据来响应 webapp，之前一切正常。我正在使用 LexikJWTAuthenticationBundle + Guard 来验证 /api.

我的请求中仅在生产中缺少授权 headers。在本地一切正常。我正在使用邮递员进行测试。

生产请求headers：

object(Symfony\Component\HttpFoundation\HeaderBag)#10 (2) {
  ["headers":protected]=>
  array(9) {
    ["cache-control"]=>
    array(1) {
      [0]=>
      string(8) "no-cache"
    }
    ["postman-token"]=>
    array(1) {
      [0]=>
      string(36) "9ad903a8-9f35-4ecf-8da3-dddb1f8ff2ca"
    }
    ["user-agent"]=>
    array(1) {
      [0]=>
      string(20) "PostmanRuntime/6.2.5"
    }
    ["accept"]=>
    array(1) {
      [0]=>
      string(3) "*/*"
    }
    ["host"]=>
    array(1) {
      [0]=>
      string(16) "pro.musehall.com"
    }
    ["cookie"]=>
    array(1) {
      [0]=>
      string(36) "PHPSESSID=6ca4iil63v2fiadfdpfnb6vlq4"
    }
    ["accept-encoding"]=>
    array(1) {
      [0]=>
      string(13) "gzip, deflate"
    }
    ["connection"]=>
    array(1) {
      [0]=>
      string(10) "keep-alive"
    }
    ["x-php-ob-level"]=>
    array(1) {
      [0]=>
      int(1)
    }
  }

本地请求headers:

object(Symfony\Component\HttpFoundation\HeaderBag)#10 (2) {
  ["headers":protected]=>
  array(10) {
    ["authorization"]=>
    array(1) {
      [0]=>
      string(938) ""Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJlbWFpbCI6Im5pY29sYXNAYXB4LWRldi5jb20iLCJpZCI6OTExMTExNDExLCJhcGlLZXkiOiJhNGExZjM3NjQwZDkzM2UwYjRlYzg4ZDBiY2VjMjgyODNkYTRjNzU1IiwiZmlyc3RuYW1lIjoiTmljb2xhcyIsImxhc3RuYW1lIjoiQXB4IiwiaWF0IjoiMTUwMzk1NzYyNSJ9.j1hLlRoVNSkS5UotPGuV1PsVgePGb9BQSxceBrE2oxilpXNJUApfwHJ4iGjhvjtAugBO5LTd9EF4_cTSlh9NxGy_oTRalH8EeM8BNE2tK6WTvxiC-B0hxRl9ifmKfIVdNZm4_l6NFZaYGdE7isQozPj8stwjfWkitUg5cRSLCztKmXAc8fU4DttFzLMUi7G2cB1JxeWxYpXSmy_DNrVeDzvEt86MmE7xCuO79kk6MBDC4P848NOOZLTy8hMKpXFwqHV0A8voJTVNGJZZWIrX2GiUBQZxZBquJyqRgO3C2bboHQChPF_ETZ1Wj7OvCMwIsqAFPIasPZqcK3eBMmAde9CAWQ_a7-_izk5iBD6wbSrCVMd_NDpATsKK5uqI23Kvm5PY8A__TpYMI7DmIKd6NZe2WaBIA9nIkPLNWgomy_OUISsR1DfTUgpX9R_lT5odqDxLfHU17pEhrXnwMoghYQFN2oZuqtC6wwht05qDVvCvNMpM3VLqySus7j7lUogjEMawW-WvmUhVqnCJ079ZkpqU-CDTKOwt2rS63Y3ojGKCc3_faFNlB1T_Arm1M91ukfzSZS3uctkm9Sfcfwt8KMizWvmLpYbs7Mj6QsAhseNbW9MZ2kger_BvRSCOc0rhWWVylZ_n0ra5wz5yJbgoKo252YxMWhqW5YGPDAH6xZE""
    }
    ["cache-control"]=>
    array(1) {
      [0]=>
      string(8) "no-cache"
    }
    ["postman-token"]=>
    array(1) {
      [0]=>
      string(36) "144afa4f-c482-4a30-8369-2a4b2f6e1a29"
    }
    ["user-agent"]=>
    array(1) {
      [0]=>
      string(20) "PostmanRuntime/6.2.5"
    }
    ["accept"]=>
    array(1) {
      [0]=>
      string(3) "*/*"
    }
    ["host"]=>
    array(1) {
      [0]=>
      string(12) "musehall.dev"
    }
    ["cookie"]=>
    array(1) {
      [0]=>
      string(36) "PHPSESSID=22v5la94j3m97mr54c31um67g2"
    }
    ["accept-encoding"]=>
    array(1) {
      [0]=>
      string(13) "gzip, deflate"
    }
    ["connection"]=>
    array(1) {
      [0]=>
      string(10) "keep-alive"
    }
    ["x-php-ob-level"]=>
    array(1) {
      [0]=>
      int(1)
    }
  }
  ["cacheControl":protected]=>
  array(1) {
    ["no-cache"]=>
    bool(true)
  }
}

如您所见，生产服务器上缺少令牌。

我最近唯一改变的是我更新了我的 certbot 证书。

Lexi 配置：

# json web token bundle
lexik_jwt_authentication:
    private_key_path: "%jwt_private_key_path%"
    public_key_path:  "%jwt_public_key_path%"
    pass_phrase:      "%jwt_key_pass_phrase%"
    token_ttl:        "%jwt_token_ttl%"

有什么想法吗？

Answer 1

可能是由于 apache 剥离授权 headers。请参阅捆绑包文档中的 "Important note for apache users"。

Apache server will strip any Authorization header not in a valid HTTP BASIC AUTH format.

If you intend to use the authorization header mode of this bundle (and you should), please add those rules to your VirtualHost configuration :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

请求 Headers 未通过生产

Request Headers not passing in production

request-headers

symfony

lexikjwtauthbundle