So I've got a server to server application. The PHP script on server 1, domain 1 sets a custom header in the page (Authorization: Bearer 123456789). The script on server 2, domain 2 uses get_headers() to read the headers.
It all works fine when the files are served natively. But when the script on server 1 is included in a Joomla module get_headers() doesn't retrieve the custom header.
In both cases, developer tools shows the custom header but also some different headers than returned by get_headers().
The code below uses JFactory to set the headers if Joomla is loaded but it is the same result using header(). Joomla just isn't passing the custom header.
I don't get it. Anyone have any idea what is going on here? Its not a SEF or htaccess issue.
<?php
// Server 1
if(!class_exists("JFactory")){ // no Joomla
header('Authorization: Bearer 123456789');
} else { // Joomla framework loaded
$app = JFactory::getApplication();
$app->setHeader('Authorization: ', 'Bearer 123456789');
$app->sendHeaders();
}
The code on server 2:
<?php
// Server 2
$headers = get_headers("http://server1.com/");
foreach($headers as $header) {
echo $header ."<br/>";
}
Output from get_headers() when served natively:
HTTP/1.1 200 OK Date: Thu, 19 Jan 2017 12:44:35 GMT Server: Apache Authorization: Bearer 123456789 Content-Length: 0 Connection: close Content-Type: text/html
Output from get_headers() when served by Joomla:
HTTP/1.1 200 OK Date: Thu, 19 Jan 2017 12:45:49 GMT Server: Apache Set-Cookie: 3c460b3da9ecb202e794816b4144c6ff=ja7mn4b4njov98lsv76kk8pvu2; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 1264 Connection: close Content-Type: text/html
Native headers displayed by developer tools:
Authorization: Bearer 123456789 Date: Thu, 19 Jan 2017 13:07:32 GMT Server: Apache Connection: Keep-Alive Keep-Alive: timeout=5, max=100 Content-Length: 0 Content-Type: text/html 200 OK
Joomla headers displayed by developer tools:
Pragma: no-cache Date: Thu, 19 Jan 2017 12:19:24 GMT Last-Modified: Thu, 19 Jan 2017 12:19:25 GMT Server: Apache Authorization: : Bearer 123456789 Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: Keep-Alive Keep-Alive: timeout=5, max=100 Content-Length: 76888 Expires: Wed, 17 Aug 2005 00:00:00 GMT
Remove double dot from setheader call :
$app = JFactory::getApplication();
$app->setHeader('Authorization', 'Bearer 123456789');
$app->sendHeaders();
Thanks for the suggestion Yoleth. I tested this and got the same result.
However I have found the problem. The Joomla site setting the header is using a component called Site Lock. This is similar to putting the site off line but has some nice features for developers.
Basically Site Lock was preventing the page being served and just returning the headers from the lock page (as it should). I don't know why I didn't see it earlier. Sometimes just can't see the forest for the trees!