Page MenuHomePhabricator
Create Task
Maniphest T305143

Apache docker image strips Authorization header
Closed, ResolvedPublic
Actions

Description

When sending a request with an Authorization header (e.g. making a request with an OAuth bearer token), the header gets stripped by apache and does not reach the PHP process. This can be checked by inspecting the $_SERVER, which does not contain said header.

I verified that adding the the following two lines to the existing apache site conf solves the problem (related stackoverflow answer):

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

I tried this in both mwcli (dev/stretch-apache2:2.0.0) and MediaWiki-Docker (dev/buster-apache2:1.0.0-s1).

Details

SubjectRepoBranchLines +/-
MediaWiki-Docker: Upgrade buster-apache2 image to latestmediawiki/coremaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Jakob_WMDE created this task.Mar 31 2022, 12:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 31 2022, 12:35 PM
Silvan_WMDE subscribed.Mar 31 2022, 12:45 PM
Jakob_WMDE updated the task description. (Show Details)Mar 31 2022, 12:45 PM
Jakob_WMDE updated the task description. (Show Details)
WMDE-leszek subscribed.Mar 31 2022, 12:52 PM
Ollie.Shotton_WMDE subscribed.Mar 31 2022, 1:01 PM
Ollie.Shotton_WMDE added a project: mwcli.Mar 31 2022, 1:34 PM
Addshore moved this task from Inbox to Watching & Blocked on the mwcli board.Mar 31 2022, 2:23 PM
Addshore added subscribers: jeena, brennen.
Jakob_WMDE added a comment.Apr 1 2022, 1:13 PM

Merge Request: https://gitlab.wikimedia.org/repos/releng/dev-images/-/merge_requests/13

Addshore added a project: Patch-For-Review.Apr 6 2022, 9:41 AM
Addshore added a project: Release-Engineering-Team.
thcipriani assigned this task to jeena.Apr 6 2022, 4:48 PM
thcipriani edited projects, added Release-Engineering-Team (🌱 Spring Cleaning — April 2022); removed Release-Engineering-Team.
thcipriani subscribed.

Assigning to @jeena to review: https://gitlab.wikimedia.org/repos/releng/dev-images/-/merge_requests/13

jeena reassigned this task from jeena to brennen.Apr 6 2022, 4:56 PM
Jakob_WMDE mentioned this in T305709: Apache docker image used in CI strips Authorization header.Apr 8 2022, 3:32 PM
Stashbot added a comment.Apr 12 2022, 9:37 PM

Mentioned in SAL (#wikimedia-releng) [2022-04-12T21:37:09Z] <brennen> Updating dev-images docker-pkg files on primary contint for apache & elasticsearch changes (T304290, T305143)

Stashbot mentioned this in T304290: Create docker elasticsearch images with wmf search plugins.Apr 12 2022, 9:37 PM
Addshore added a comment.Apr 13 2022, 8:34 AM
This comment was removed by Addshore.
Addshore moved this task from Watching & Blocked to Pending Release on the mwcli board.Apr 13 2022, 12:42 PM
Addshore moved this task from Pending Release to Done on the mwcli board.
brennen closed this task as Resolved.Apr 18 2022, 6:45 PM
gerritbot added a comment.Aug 9 2022, 7:26 PM

Change 821786 had a related patch set uploaded (by Krinkle; author: Jforrester):

[mediawiki/core@master] MediaWiki-Docker: Upgrade buster-apache2 image to latest

https://gerrit.wikimedia.org/r/821786

gerritbot added a comment.Aug 9 2022, 7:45 PM

Change 821786 merged by jenkins-bot:

[mediawiki/core@master] MediaWiki-Docker: Upgrade buster-apache2 image to latest

https://gerrit.wikimedia.org/r/821786

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.25; 2022-08-15).Aug 9 2022, 8:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits