I'm currently developing a webmapping application. I'm using Apache 2.4, PHP, Javascript and Dojo (a javascript library used for mapping). Dojo is making request to webservices (hosted on https:// host/server/rest/services/... and managed by another department in my company). But in order to access those webservices, an authentication with Basic is required.
Because they're not implementing token authentication like they should (that we could use with dojo), a popup appears when we connect to the application in order to access the data in the webservices. I would like to configure Apache (my httpd.conf) in order to avoid this popup for our users and that I set a correct Authorization header that would be sent with every request Dojo makes to our webservices.
My first idea was to set the Header with headers_module
RequestHeader set Authorization "Basic ****"
and then use rewrite_module with what I found online:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)$ [NC]
RewriteRule /.* - [E=HTTP_AUTHORIZATION:%1]
but it doesn't seem to work because if I check with:
$headers = apache_request_headers();
$server = $_SERVER["HTTP_AUTHORIZATION"];
$headers contains what I want, but $server doesn't
So I moved on and decided to go with the setenvif_module which seemed to be the good solution. I now have:
RequestHeader set Authorization "Basic ****"
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
even though I don't understand what the $1 means and what it does.
To explain further, my application has a login page index.php where no requests to host/server/rest/services are made and HTTP_AUTORIZATION looks empty. Once I log in to my page application.php, all the request are made, HTTP_AUTHORIZATION seems to be filled with what I want "Basic ****", but an empty REDIRECT_HTTP_AUTHORIZATION appears and the popup from the webservices asking for an user and a password still appears.
Do you have any idea of what I missed or might have done wrong ?
Thank you for your help.