provide only one of authorization or signature headers

2024-09-19 16:15:13 +00:00 · 2024-07-31 10:55:21 +10:00 · 2024-07-31 10:55:21 +10:00 · ce9c4ae520
commit ce9c4ae520
parent 75148b984f
2 changed files with 4 additions and 11 deletions
--- a/src/Web/HTTPHeaders.php
+++ b/src/Web/HTTPHeaders.php
@ -61,6 +61,7 @@ class HTTPHeaders

    public function getAuthHeader()
    {
+        logger('getAuthHeader: ' . print_r($_SERVER, true), LOGGER_DATA);
        $candidates = [
            'HTTP_AUTHORIZATION',
            'REDIRECT_HTTP_AUTHORIZATION',
--- a/src/Web/HTTPSig.php
+++ b/src/Web/HTTPSig.php
@ -582,13 +582,7 @@ class HTTPSig
            }
        }

-        $authorisation = '';
-
-        if ($auth) {
-            $authorisation = 'Authorization: Signature ' . $headerval;
-        }
-        $sighead = 'Signature: ' . $headerval;
-
+ 
        if ($head) {
            foreach ($head as $k => $v) {
                // strip the request-target virtual header from the output headers
@ -598,10 +592,8 @@ class HTTPSig
                $return_headers[] = $k . ': ' . $v;
            }
        }
-        $return_headers[] = $sighead;
-        if ($authorisation) {
-            $return_headers[] = $authorisation;
-        }
+
+        $return_headers[] = (($auth) ? 'Authorization: Signature ' : 'Signature: ') . $headerval;

        return $return_headers;
    }