WC_REST_Authentication::get_authorization_header()publicWC 3.0.0

Get the authorization header.

On certain systems and configurations, the Authorization header will be stripped out by the server or PHP. Typically this is then used to generate PHP_AUTH_USER/PHP_AUTH_PASS but not passed on. We use getallheaders here to try and grab it out instead.

Method of the class: WC_REST_Authentication{}

No Hooks.

Return

String. Authorization header if set.

Usage

$WC_REST_Authentication = new WC_REST_Authentication();
$WC_REST_Authentication->get_authorization_header();

Changelog

Since 3.0.0 Introduced.

WC_REST_Authentication::get_authorization_header() code WC 8.6.1

public function get_authorization_header() {
	if ( ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
		return wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] ); // WPCS: sanitization ok.
	}

	if ( function_exists( 'getallheaders' ) ) {
		$headers = getallheaders();
		// Check for the authoization header case-insensitively.
		foreach ( $headers as $key => $value ) {
			if ( 'authorization' === strtolower( $key ) ) {
				return $value;
			}
		}
	}

	return '';
}