Documentation

Accessing the Authorization header

If you are writing/using an application (PHP or via fcgi) that needs the Authorization header, you will run into some problems. Apache will, by default, strip the Authorization header from requests before passing them to PHP or to an (f)cgi script. In order to receive the Authorization header, you will have to add an .htaccess file to the webroot with the following contents:

CGIPassAuth on

If the project already has an .htaccess file, just append it.

More information can be found on https://httpd.apache.org/docs/trunk/mod/core.html#cgipassauth