Today, as I deployed my Laravel application, I received an email from my client mentioning that the basic authentication wasn’t working on the production server. I tested promptly and indeed it wasn’t. This was really strange for me as locally all was well. I got stuck at the problem for quite sometime. Searching on Google made me realize that a lot of people have been facing the same conundrum. But finally as usual, I found out the solution not too late.
Solution
The problem is not in Laravel, but with PHP. Apparently, HTTP authentication won’t work if PHP is executed with a CGI application instead of being executed in a server module like Apache’s mod_php. In simpler yet technical terms, since I’m using PHP-FPM (a fast FastCGI process manager), the required PHP_AUTH_USER and PHP_AUTH_PW parameters are not included in the $_SERVER data.
Thankfully, with the help of the content here I was able to solve the problem.
First Step
I added this piece of configuration line to my .htaccess file:
[text]
SetEnvIfNoCase Authorization "Basic ([a-z0-9=]+)" REMOTE_AUTHORIZATION=$1
[/text]
Second Step
Added this piece of code in bootstrap/start.php (at the beginning):
[php]
if (isset($_SERVER["REDIRECT_REMOTE_AUTHORIZATION"]) && $_SERVER["REDIRECT_REMOTE_AUTHORIZATION"] != ”) {
$d = base64_decode($_SERVER["REDIRECT_REMOTE_AUTHORIZATION"]);
list($_SERVER[‘PHP_AUTH_USER’], $_SERVER[‘PHP_AUTH_PW’]) = explode(‘:’, $d);
}
[/php]
Could possibly also put that inside public/index.php.
Conclusion
Overall some people might consider this process as an ugly hack, but thankfully if the basic auth in your Laravel app doesn’t work then it’ll start working as normal!
