I have two short programs.
Client Request program that sends an HTTP request to a Server Response
program.
The contents is picked up by the Server with no problem.
However, it does not pick up the Authorization part of the header.
Any idea why it is not being picked up. I have dumped all the $ENV but it
is not there.
------------------------------------------------
Client Request Program :-
use LWP::UserAgent; my $ua=new LWP::UserAgent;
use HTTP::Request::Common qw (POST);
my $req=new HTTP::Request 'POST',$url;
$req->header('Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==');
$req->header('Content-Type' => 'application/xml;charset=UTF-8');
$req->content($xml);
my $response=$ua->request($req);
---------------------------------------------------
Server Response Program:-
my $length=$ENV{'CONTENT_LENGTH'}; my $request;
read (STDIN,$request,$length);
# read headers
my $auth = $ENV{"AUTHORIZATION"};
my $content_type = $ENV{"CONTENT_TYPE"};
------------------------------------------------
Regards
John
You can access the headers that were actually sent through the
response object.
print $response()->request->as_string();
print $response()->headers_as_string();
Could it possibly be that your credentials have 8bit chars in them?
That might cause trouble depending on server configuration.
You did enable warnings, did you?
Steffen
Many CGI implementations prevent scripts from accessing the value of
this header as a security precaution. Generally speaking, running the
code under something but the CGI module of your software (e.g., using
mod_perl on an Apache web server) allows you to get around that; an
alternative is to use the mod_rewrite module to put the value into the
environment before the script is called.
--
Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
> Client Request program that sends an HTTP request to a Server Response
> program.
> The contents is picked up by the Server with no problem.
> However, it does not pick up the Authorization part of the header.
Any particular reason you're trying to supply authorization headers
manually, instead of using the credentials() method listed in the
LWP::UserAgent module docs?
sherm--
--
My blog: http://shermspace.blogspot.com
Cocoa programming in Perl: http://camelbones.sourceforge.net
UserAgent, AFAIK is only sending credentials in answer to 401 response
codes.
But some administrators have their servers configured to never send
out a 401.
They probably want to hide the http authorization which is generally
regarded as a weak protection scheme.
The sites can still be accessed if the header is provided voluntarily.
Either by script as above or by putting name:password@host in the
browser url.
Cheers, Steffen
> On Aug 18, 5:28 pm, Sherm Pendley <spamt...@dot-app.org> wrote:
> > "John" <john1...@yahoo.com> writes:
> > > Client Request program that sends an HTTP request to a Server Response
> > > program.
> > > The contents is picked up by the Server with no problem.
> > > However, it does not pick up the Authorization part of the header.
> >
> > Any particular reason you're trying to supply authorization headers
> > manually, instead of using the credentials() method listed in the
> > LWP::UserAgent module docs?
> >
> > sherm--
> >
> > --
>
> UserAgent, AFAIK is only sending credentials in answer to 401 response
> codes.
The user agent sends the credentials for any URL which it thinks
belongs to a particular realm. It's how you get access to the stuff you
want to access. Remember that HTTP is stateless :)