I have begun development of a RESTful API (using Catalyst::Controller::REST), 
intending to authenticate with basic HTTP authentication. Using the 
myproject_server.pl debug server, everything works fine. I send the GET, an 
Authorization: and an Accept: header, and I get a 200 response followed by a 
JSON result.

When I move this from dev to test, which means it goes behind mod_fastcgi, it 
stops working. Every request gets back 401 Unauthorized. As far as I can tell, 
the Authorization header is not being passed through to Catalyst.

Note that my main interactive application uses HTML form auth and 
cookies/sessions, so this is our first use case involving HTTP basic 
authentication.

Things I have already tried:

1. Adding "-pass-header Authorization" to the FastCgiExternalServer parameter 
in httpd.conf

tcpdump tells me that the "Authorization: Basic xxxxxxx" is being sent to the 
server on port 4900, but it never actually gets through to where my req object 
can use it, e.g. $c->req->header('Authorization') is undef.

2. Rewriting the Authorization header as an env var

RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

This turns out not to help because the environment seen by the fastcgi server 
is that of the user who started it, not the environment Apache is running in. 
Dumping the contents of %ENV shows that this env var is not available to 
Catalyst.

3. SSLOptions +StdEnvVars

See #2, it sets env vars in the wrong environment.

Has anyone had this problem and knows of some solution? I'm out of ideas at 
this point...

Thanks,
Dan


_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
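
An added example, not code from this post, Catalyst or mod_fastcgi: a decoder for the FastCGI records in a capture of the web-server-to-application connection (the port 4900 traffic above), which lists the parameter name under which the credential header arrives and reports only its scheme. The sample stream, the HTTP_AUTHORIZATION name in it and the helper names are constructed for illustration and do not state what mod_fastcgi sends.

```python
import struct

FCGI_PARAMS = 4  # FastCGI record type that carries the CGI-style name/value pairs

def _length(buf, pos):
    """FastCGI length: one byte, or four bytes when the high bit is set."""
    if buf[pos] & 0x80:
        return struct.unpack_from(">I", buf, pos)[0] & 0x7FFFFFFF, pos + 4
    return buf[pos], pos + 1

def fcgi_params(stream):
    """Decode every FCGI_PARAMS record in a captured server-to-app byte stream."""
    body, pos = b"", 0
    while pos + 8 <= len(stream):
        # Header: version, type, requestId, contentLength, paddingLength, reserved
        _, rtype, _, clen, plen, _ = struct.unpack_from(">BBHHBB", stream, pos)
        pos += 8
        if pos + clen > len(stream):
            raise ValueError("capture ends inside a record")
        if rtype == FCGI_PARAMS:
            body += stream[pos:pos + clen]
        pos += clen + plen
    pairs, pos = {}, 0
    while pos < len(body):
        nlen, pos = _length(body, pos)
        vlen, pos = _length(body, pos)
        if pos + nlen + vlen > len(body):
            raise ValueError("name/value pair runs past the params data")
        name, value = body[pos:pos + nlen], body[pos + nlen:pos + nlen + vlen]
        pairs[name.decode("latin-1")] = value.decode("latin-1")
        pos += nlen + vlen
    return pairs

def auth_params(pairs):
    """Names that look like the credential header, mapped to the auth scheme only."""
    return {n: v.split(" ", 1)[0] for n, v in pairs.items() if "AUTHORIZATION" in n.upper()}

# --- constructed sample stream (not a real capture) ---
def sample_pair(name, value):
    enc = lambda n: bytes([n]) if n < 128 else struct.pack(">I", n | 0x80000000)
    return enc(len(name)) + enc(len(value)) + name + value

def sample_record(rtype, content):
    return struct.pack(">BBHHBB", 1, rtype, 1, len(content), 0, 0) + content

SAMPLE = (sample_record(1, struct.pack(">HB5x", 1, 0))  # FCGI_BEGIN_REQUEST, responder
          + sample_record(FCGI_PARAMS, sample_pair(b"REQUEST_METHOD", b"GET")
                          + sample_pair(b"HTTP_ACCEPT", b"application/json")
                          + sample_pair(b"HTTP_AUTHORIZATION", b"Basic Y29uc3RydWN0ZWQ6c2FtcGxl"))
          + sample_record(FCGI_PARAMS, b""))            # empty record ends the params
```

Comparing the names returned by `auth_params(fcgi_params(capture_bytes))` with the keys the application reads shows whether the header is dropped before the FastCGI socket or after it.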
