Authorization Header removed on AWS Bitnami Wordpress Multisite

Keywords: WordPress Multisite - AWS - Technical issue - Other
bnsupport ID: 6db0c517-23d6-6e68-9910-4dd716b1b46b
Description:
I have a WP Multisite installed on an AWS EC2 instance with the bitnami stack.

I am trying to make a call to some WP and Woocommerce API’s from a custom php script on the site. There are to calls I am making, the first one retrieves a JWT token that is used in the header of the second script to create a user.

It seems that the header info is being stripped out of the request.

I have added the below code to the bottom of the /opt/bitnami/apps/wordpress/conf/htaccess.conf but it still does not work.

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.
) - [E=HTTP_AUTHORIZATION:%1]

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I checked the below posts and tried the suggestions there but still no luck.

This is the function that I am trying to use the call the cURL script with the header.

function jwt_request($token, $post) {

  header('Content-Type: application/json'); // Specify the type of data
  $ch = curl_init('https://mysite.com/wp-json/wp/v2/users/register'); // Initialise cURL
  $post = json_encode($post); // Encode the data array into a JSON string
  $authorization = "Authorization: Bearer ".$token; // Prepare the authorisation token
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization )); // Inject the token into the header
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_POST, 1); // Specify the request method as POST
  curl_setopt($ch, CURLOPT_POSTFIELDS, $post); // Set the posted fields
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // This will follow any redirects
  $result = curl_exec($ch); // Execute the cURL statement
  curl_close($ch); // Close the cURL connectionreturn json_decode($result); // Return the received data

  return $result;

}

Anyone got any ideas what I need to do?

Hi @igolfapps,

Thanks for using Bitnami. In your logs of apache appears this kind error:

[Mon Sep 28 06:53:02.251814 2020] [proxy_fcgi:error] [pid 13023:tid 140138348611328] [client 114.119.146.100:47050] AH01071: Got error 'PHP message: PHP Warning:  include_once(/opt/bitnami/apps/wordpress/htdocs/wp-content/sunrise.php): failed to open stream: No such file or directory in /opt/bitnami/apps/wordpress/htdocs/wp-includes/ms-settings.php on line 47PHP message: PHP Warning:  include_once(): Failed opening '/opt/bitnami/apps/wordpress/htdocs/wp-content/sunrise.php' for inclusion (include_path='.:/opt/bitnami/php/lib/php') in /opt/bitnami/apps/wordpress/htdocs/wp-includes/ms-settings.php on line 47PHP message: run_miniorange_Oauth_WC_purchase_historyPHP message: in Mo_OAuth_WC_Purchase_History'

It seems your permission is wrong, could you run the following commands?

sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs
sudo find /opt/bitnami/apps/wordpress/htdocs -type d -exec chmod 0775 {} \;
sudo find /opt/bitnami/apps/wordpress/htdocs -type f -exec chmod 0664 {} \;
sudo chmod 660 /opt/bitnami/apps/wordpress/htdocs/wp-config.php

I hope that helps you,
Ibone.

Hi Ibone, thanks for the response.

Unfortunately I still get the same error:

{“status”:“error”,“error”:“MISSING_AUTHORIZATION_HEADER”,“error_description”:“Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons.”}

Regards,
Andrew

Hi @igolfapps,

I see you added the line

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

But it’s out of any directory will be something similar to:
(remember to check the path of the plugin you want to add the header, I have written opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/woocommerce as an example)

<Directory "/opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/woocommerce">
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</Directory>

I hope that helps you,
Ibone

Hi, thanks for the additional details. Still no luck unfortunately, headers till being overwritten. Also it seems the changs I make to /opt/bitnami/apps/wordpress/conf/htaccess.conf get overwritten by some process. They are in place when I test it though.

I made the below change and also tried specific directory where the script lives but nothing seems to help.

<Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/./>
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.
)
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.
)" HTTP_AUTHORIZATION=$1

Have had to remove the tags as the post is getting striped of them. Below is the directory path I tried (along with the specific one)

Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/.*

Hi @igolfapps,

Could you rerun the bnsupport?

Regards,
Ibone.

Hi, new support code is 5dbfadd9-6ee4-525c-4819-74dfeacd7e9a

Hi @igolfapps,

Could you check with the developer of the plugin to what directory you need to add this information?

<Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/.*/>

.* It’s not valid, you need to add for one directory -

In the case you share

He added in the /opt/bitnami/apps/wordpress/htdocs/

Regards,
Ibone.

Awesome, thanks that worked. Headers no longer being removed, thanks very much for your help!

…i.e. the adding the specific path worked. It is not a plugin as such, but one php page that is called. I created a new directory for it under the plugins directory and added that as the path.

Hi @igolfapps,

Is the problem solved? You added the header lines with the new directory and the headers are no longer removed.

Regards,
Ibone.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.