Authorization Header not passed to PHP in some instances.


We're seeing an issue (tested on several of our installed) where if a request sets an authorization header as such:

Authorization: Apikey <key>

This does not get set in PHP and HTTP_AUTHORIZATION is not present. The same happens with Digest as well.

If the request uses Basic or Bearer then HTTP_AUTHORIZATION is set.

This is using LSAPI, not CGI: omegle xender

Server API: LiteSpeed V7.7

Issue would appear to be LSAPI rather than Litespeed, as the same happens on an Apache server using LSAPI to connect to PHP as well.

Last edited: