2

I am developing an API using Yii2 REST API basic auth. I have successfully developed it on my local XAMPP server. I have deployed the code to a VPS running CentOS, but I am getting the following unauthorized response:

{
"name": "Unauthorized",
"message": "Your request was made with invalid credentials.",
"code": 0,
"status": 401,
"type": "yii\\web\\UnauthorizedHttpException"
}

I have set the headers properly.

Response headers:

Connection →Keep-Alive
Content-Type →application/json; charset=UTF-8
Date →Fri, 05 May 2017 08:40:49 GMT
Keep-Alive →timeout=5, max=100
Server →Apache
Transfer-Encoding →chunked
Www-Authenticate →Basic realm="api"
X-Powered-By →PHP/5.6.30


My headers:
Authorization : Basic BVrVm3Ay0jg2XBr3TeITaClg
Content-Type  : application/x-www-form-urlencoded

When I dump the headers I don't see the Authorization header:

object(yii\web\HeaderCollection)#81 (1) {
  ["_headers":"yii\web\HeaderCollection":private]=>
  array(10) {
    ["content-type"]=>
    array(1) {
      [0]=>
      string(33) "application/x-www-form-urlencoded"
    }
    ["accept"]=>
    array(1) {
      [0]=>
      string(3) "*/*"
    }
    ["accept-encoding"]=>
    array(1) {
      [0]=>
      string(19) "gzip, deflate, sdch"
    }
    ["accept-language"]=>
    array(1) {
      [0]=>
      string(14) "en-US,en;q=0.8"
    }
    ["cache-control"]=>
    array(1) {
      [0]=>
      string(8) "no-cache"
    }
    ["connection"]=>
    array(1) {
      [0]=>
      string(10) "keep-alive"
    }
    ["cookie"]=>
    array(1) {
      [0]=>
      string(172) "_csrf=ed46321a4d6f68c815e71201a9d47fa4594bc7dc66346fe10111269e612fa24ea%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22afHivmMVT9TeQ24W-jwdIBu5sx4nA_hY%22%3B%7D"
    }
    ["host"]=>
    array(1) {
      [0]=>
      string(14) "104.238.73.161"
    }
    ["postman-token"]=>
    array(1) {
      [0]=>
      string(36) "b2123a9e-1585-5a44-4af1-dab9f12951c6"
    }
    ["user-agent"]=>
    array(1) {
      [0]=>
      string(113) "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36"
    }
  }
}

Any idea why this is happening on the remote server? Please help.

2 Answers

5

Hi, for anyone coming across this issue, I have found the solution.

I added the following line in my .htaccess file and the problem was fixed.

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I found the solution in the thread below: https://github.com/yiisoft/yii2/issues/6631


1 Comment

Where can I find the .htaccess file?
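
Why the `SetEnvIf` line in the answer above helps, as an added PHP example (not code from the question, the answers or Yii itself): when PHP does not run as an Apache module, the `Authorization` header reaches the script only through the server variables checked below, so a dropped header looks exactly like a request without credentials. `recoverBasicAuth()` and the sample `$_SERVER` arrays are constructed for illustration, and a CGI/FastCGI setup on the VPS is an assumption.

```php
<?php
// Added example; recoverBasicAuth() is a hypothetical helper, not a Yii API.

/**
 * Return [username, password] from a $_SERVER-style array, or null when no
 * usable Basic credentials reached PHP.
 */
function recoverBasicAuth(array $server)
{
    // mod_php decodes the header itself and exposes the parts here.
    if (isset($server['PHP_AUTH_USER'])) {
        $pw = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : null;
        return [$server['PHP_AUTH_USER'], $pw];
    }
    // Under CGI/FastCGI the raw header only arrives if Apache was told to
    // pass it (the SetEnvIf line); mod_rewrite can add a REDIRECT_ prefix.
    $raw = null;
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            $raw = $server[$key];
            break;
        }
    }
    if ($raw === null || stripos($raw, 'Basic ') !== 0) {
        return null;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode(trim(substr($raw, 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null; // malformed value: treat as unauthenticated
    }
    return explode(':', $decoded, 2);
}

// Constructed sample inputs, one per deployment situation.
$samples = [
    'mod_php'             => ['PHP_AUTH_USER' => 'demo-token', 'PHP_AUTH_PW' => ''],
    'cgi + SetEnvIf'      => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('demo-token:')],
    'cgi + rewrite'       => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('demo-token:')],
    'cgi, header dropped' => ['HTTP_HOST' => 'api.example.test'],
    'malformed value'     => ['HTTP_AUTHORIZATION' => 'Basic %%%not-base64%%%'],
];
foreach ($samples as $label => $server) {
    $creds = recoverBasicAuth($server);
    printf("%-20s %s\n", $label, $creds === null ? 'no credentials -> 401' : 'user=' . $creds[0]);
}
```
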
0

It's probably the CSRF validation. You can, in your controller:

public $enableCsrfValidation = false;

That will disable the validation in every action of that controller.

Here you have more info if you want to dig further: https://yii2-cookbook.readthedocs.io/csrf/

4 Comments

Hi Chux, but if it is a CSRF issue then it shouldn't be working in my local? Am I correct?
Yes, you are right, my mistake. Can you take a look at the app.log file?
Hi Chux, I have updated my question. When I dump the $request->getHeaders() it doesn't show the 'authorization' element in the array.
That seems to be an Apache issue or how PHP is configured on that server. Can you please take a look here? github.com/yiisoft/yii2/issues/6631
