diff --git a/povertymap/api/config.php b/povertymap/api/config.php index f5af6b7..aef12d0 100644 --- a/povertymap/api/config.php +++ b/povertymap/api/config.php @@ -90,14 +90,18 @@ function jwt_decode(string $jwt, string $secret): ?array { function getAuthorizationHeader(): string { $headers = null; - if (isset($_SERVER['Authorization'])) { + if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) { + $headers = trim($_SERVER["HTTP_X_AUTHORIZATION"]); + } else if (isset($_SERVER['Authorization'])) { $headers = trim($_SERVER["Authorization"]); } else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { $headers = trim($_SERVER["HTTP_AUTHORIZATION"]); } else if (function_exists('apache_request_headers')) { $requestHeaders = apache_request_headers(); $requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER); - if (isset($requestHeaders['authorization'])) { + if (isset($requestHeaders['x-authorization'])) { + $headers = trim($requestHeaders['x-authorization']); + } else if (isset($requestHeaders['authorization'])) { $headers = trim($requestHeaders['authorization']); } } @@ -117,7 +121,7 @@ function getCurrentUser(): ?array { return $payload; } } - return $_SESSION['user'] ?? null; + return null; } /** diff --git a/povertymap/index.html b/povertymap/index.html index cc03437..65fda77 100644 --- a/povertymap/index.html +++ b/povertymap/index.html @@ -264,11 +264,23 @@ const originalFetch = window.fetch; window.fetch = function(url, options) { options = options || {}; - options.headers = options.headers || {}; const token = sessionStorage.getItem('user_token'); if (token) { - if (!options.headers['Authorization'] && !options.headers['authorization']) { - options.headers['Authorization'] = 'Bearer ' + token; + if (options.headers instanceof Headers) { + if (!options.headers.has('Authorization')) { + options.headers.set('Authorization', 'Bearer ' + token); + } + if (!options.headers.has('X-Authorization')) { + options.headers.set('X-Authorization', 'Bearer ' + token); + } + } else { + options.headers = options.headers || {}; + if (!options.headers['Authorization'] && !options.headers['authorization']) { + options.headers['Authorization'] = 'Bearer ' + token; + } + if (!options.headers['X-Authorization'] && !options.headers['x-authorization']) { + options.headers['X-Authorization'] = 'Bearer ' + token; + } } } return originalFetch(url, options);