I have begun development of a RESTful API (using Catalyst::Controller::REST), intending to authenticate with basic HTTP authentication. Using the myproject_server.pl debug server, everything works fine. I send the GET, an Authorization: and an Accept: header, and I get a 200 response followed by JSON result.
When I move this from dev to test, which means it goes behind mod_fastcgi, it stops working. Every request gets back 401 Unauthorized. As far as I can tell, the Authorization header is not being passed through to Catalyst. Note that my main interactive application uses HTML form auth and cookies/sessions, so this is our first use case involving HTTP basic authentication. Things I have already tried: 1. "Adding -pass-header Authorization" to the FastCgiExternalServer parameter in httpd.conf tcpdump tells me that the "Authorization: Basic xxxxxxx" is being sent to the server on port 4900, but it never actually gets through to where my req object can use it, e.g. $c->req->header('Authorization') is undef. 2. Rewriting the Authorization header as an env var RewriteCond %{HTTP:Authorization} ^(.+) RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT] This turns out not to help because the environment seen by the fastcgi server is that of the user who started it, not the environment Apache is running in. Dumping the contents of %ENV shows that this env var is not available to Catalyst. 3. SSLOptions +StdEnvVars See #2, it sets env vars in the wrong environment. Has anyone had this problem and knows of some solution? I'm out of ideas at this point... Thanks, Dan _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/