Synopsis: Missing HTTP_AUTHORIZATION in CGI environment State-Changed-From-To: open-suspended State-Changed-By: marc State-Changed-When: Wed May 7 08:23:58 PDT 1997 State-Changed-Why: This is a conscious decision to not include it. It allows CGIs to do more evil things WRT stealing passwords from the browser's cache and on most Unixes you can view the environment of a process with the right arguments to ps. If HTTP_AUTHORIZATION was passed, that would be included.
The only way it would be implemented would be as a config directive that let it be set for specific scripts in the config files, however 1.2 is in feature freeze so it will not happen before then. In the meantime, if your script really needs access to it you can either create a patch to remove the two lines special-casing the Authorization header in util_script.c or write a module that does what you want. I think there is also a mod_auth_external available somewhere that authenticates using an external program which can do whatever you want.
