8000 [HttpFoundation] Do not overwrite the Authorization header if it is a… · symfony/symfony@53ebfda · GitHub
[go: up one dir, main page]
Skip to content

Commit 53ebfda

Browse files
jakzalfabpot
jakzal
authored and
fabpot
committed
[HttpFoundation] Do not overwrite the Authorization header if it is already set
1 parent 385f23e commit 53ebfda

File tree

2 files changed

+19
-0
lines changed

2 files changed

+19
-0
lines changed

src/Symfony/Component/HttpFoundation/ServerBag.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,10 @@ public function getHeaders()
8686
}
8787
}
8888

89+
if (isset($headers['AUTHORIZATION'])) {
90+
return $headers;
91+
}
92+
8993
// PHP_AUTH_USER/PHP_AUTH_PW
9094
if (isset($headers['PHP_AUTH_USER'])) {
9195
$headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);

src/Symfony/Component/HttpFoundation/Tests/ServerBagTest.php

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,4 +151,19 @@ public function testOAuthBearerAuthWithRedirect()
151151
'AUTHORIZATION' => $headerContent,
152152
), $bag->getHeaders());
153153
}
154+
155+
/**
156+
* @see https://github.com/symfony/symfony/issues/17345
157+
*/
158+
public function testItDoesNotOverwriteTheAuthorizationHeaderIfItIsAlreadySet()
159+
{
160+
$headerContent = 'Bearer L-yLEOr9zhmUYRkzN1jwwxwQ-PBNiKDc8dgfB4hTfvo';
161+
$bag = new ServerBag(array('PHP_AUTH_USER' => 'foo', 'HTTP_AUTHORIZATION' => $headerContent));
162+
163+
$this->assertEquals(array(
164+
'AUTHORIZATION' => $headerContent,
165+
'PHP_AUTH_USER' => 'foo',
166+
'PHP_AUTH_PW' => '',
167+
), $bag->getHeaders());
168+
}
154169
}

0 commit comments

Comments
 (0)
0