I want to add api for some external data inside the app. But there is a problem with security.
I create a blank application and use it as follows.
The $headers[‘Authorization’] I want to import does not exist
Code
header(“Content-type: application/json”);
header(“Access-Control-Allow-Origin: *”);
header(“Access-Control-Allow-Credentials: true”);
header(“Content-Type: application/json; charset=UTF-8”);
header(“Access-Control-Allow-Methods: GET, POST”);
header(“Access-Control-Max-Age: 3600”);
header(“Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With”);
header(‘Cache-Control: no-cache, must-revalidate, max-age=0’);
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
echo “$header: $value
\n”;
}
Output like this;
Cookie: PHPSESSID=555a68e77791766da2cf822190da88e6; sc_actual_lang_apiTest=tr
Content-Length: 129
Connection: close
Accept-Encoding: gzip, deflate, br
Host: 127.0.0.1:8091
Postman-Token: 13c32c1c-101d-4dd4-b511-1a703f15b99f
User-Agent: PostmanRuntime/7.29.0
Accept: application/json
Content-Type: application/json
$headers[‘Authorization’]; no data
When I add the above code in index.php
Output like this;
Content-Type: application/json
Accept: application/json
Authorization: Basic VGVzdDpUZXN0MTIzNA==
User-Agent: PostmanRuntime/7.29.0
Postman-Token: a867bc3e-0bf5-4c2b-a699-941022c5b4b3
Host: localhost
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 129
Cookie: PHPSESSID=rqb2g9e68gem56ojanq04r9g74; sc_actual_lang_apiTest=tr
In this way, I get what I want, but the application method is wrong.
Can anyone give an idea.
Thank you.