I have a Symfony 2.8 API, which serves data to a React webapp; everything was working perfectly before.
I am using LexikJWTAuthenticationBundle + Guard to authenticate /api.
The auth headers are missing in my request only in production. On local everything is working fine. I am using Postman for testing.
Production Request headers:
object(Symfony\Component\HttpFoundation\HeaderBag)#10 (2) {
["headers":protected]=>
array(9) {
["cache-control"]=>
array(1) {
[0]=>
string(8) "no-cache"
}
["postman-token"]=>
array(1) {
[0]=>
string(36) "9ad903a8-9f35-4ecf-8da3-dddb1f8ff2ca"
}
["user-agent"]=>
array(1) {
[0]=>
string(20) "PostmanRuntime/6.2.5"
}
["accept"]=>
array(1) {
[0]=>
string(3) "*/*"
}
["host"]=>
array(1) {
[0]=>
string(16) "pro.musehall.com"
}
["cookie"]=>
array(1) {
[0]=>
string(36) "PHPSESSID=6ca4iil63v2fiadfdpfnb6vlq4"
}
["accept-encoding"]=>
array(1) {
[0]=>
string(13) "gzip, deflate"
}
["connection"]=>
array(1) {
[0]=>
string(10) "keep-alive"
}
["x-php-ob-level"]=>
array(1) {
[0]=>
int(1)
}
}
Local Request headers:
object(Symfony\Component\HttpFoundation\HeaderBag)#10 (2) {
["headers":protected]=>
array(10) {
["authorization"]=>
array(1) {
[0]=>
string(938) ""Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJlbWFpbCI6Im5pY29sYXNAYXB4LWRldi5jb20iLCJpZCI6OTExMTExNDExLCJhcGlLZXkiOiJhNGExZjM3NjQwZDkzM2UwYjRlYzg4ZDBiY2VjMjgyODNkYTRjNzU1IiwiZmlyc3RuYW1lIjoiTmljb2xhcyIsImxhc3RuYW1lIjoiQXB4IiwiaWF0IjoiMTUwMzk1NzYyNSJ9.j1hLlRoVNSkS5UotPGuV1PsVgePGb9BQSxceBrE2oxilpXNJUApfwHJ4iGjhvjtAugBO5LTd9EF4_cTSlh9NxGy_oTRalH8EeM8BNE2tK6WTvxiC-B0hxRl9ifmKfIVdNZm4_l6NFZaYGdE7isQozPj8stwjfWkitUg5cRSLCztKmXAc8fU4DttFzLMUi7G2cB1JxeWxYpXSmy_DNrVeDzvEt86MmE7xCuO79kk6MBDC4P848NOOZLTy8hMKpXFwqHV0A8voJTVNGJZZWIrX2GiUBQZxZBquJyqRgO3C2bboHQChPF_ETZ1Wj7OvCMwIsqAFPIasPZqcK3eBMmAde9CAWQ_a7-_izk5iBD6wbSrCVMd_NDpATsKK5uqI23Kvm5PY8A__TpYMI7DmIKd6NZe2WaBIA9nIkPLNWgomy_OUISsR1DfTUgpX9R_lT5odqDxLfHU17pEhrXnwMoghYQFN2oZuqtC6wwht05qDVvCvNMpM3VLqySus7j7lUogjEMawW-WvmUhVqnCJ079ZkpqU-CDTKOwt2rS63Y3ojGKCc3_faFNlB1T_Arm1M91ukfzSZS3uctkm9Sfcfwt8KMizWvmLpYbs7Mj6QsAhseNbW9MZ2kger_BvRSCOc0rhWWVylZ_n0ra5wz5yJbgoKo252YxMWhqW5YGPDAH6xZE""
}
["cache-control"]=>
array(1) {
[0]=>
string(8) "no-cache"
}
["postman-token"]=>
array(1) {
[0]=>
string(36) "144afa4f-c482-4a30-8369-2a4b2f6e1a29"
}
["user-agent"]=>
array(1) {
[0]=>
string(20) "PostmanRuntime/6.2.5"
}
["accept"]=>
array(1) {
[0]=>
string(3) "*/*"
}
["host"]=>
array(1) {
[0]=>
string(12) "musehall.dev"
}
["cookie"]=>
array(1) {
[0]=>
string(36) "PHPSESSID=22v5la94j3m97mr54c31um67g2"
}
["accept-encoding"]=>
array(1) {
[0]=>
string(13) "gzip, deflate"
}
["connection"]=>
array(1) {
[0]=>
string(10) "keep-alive"
}
["x-php-ob-level"]=>
array(1) {
[0]=>
int(1)
}
}
["cacheControl":protected]=>
array(1) {
["no-cache"]=>
bool(true)
}
}
As you can see, the token is missing on the production server.
The only thing that I changed lately is that I renewed my certbot certificate.
Lexik config:
# json web token bundle
lexik_jwt_authentication:
    private_key_path: "%jwt_private_key_path%"
    public_key_path: "%jwt_public_key_path%"
    pass_phrase: "%jwt_key_pass_phrase%"
    token_ttl: "%jwt_token_ttl%"
Any idea?
Probably due to Apache stripping Authorization headers. See "Important note for Apache users" in the bundle's documentation.
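
A vhost fragment for the fix the answer points to, as an added example that is not part of the original answer or taken from the asker's server. The `DocumentRoot` path is a placeholder, TLS directives are omitted, and the same rule is needed in every vhost that serves `/api`, both the :80 and the :443 one.

```apache
# Added example: illustrative vhost fragment, not the asker's real configuration.
# ServerName comes from the production dump above; paths are placeholders.
<VirtualHost *:443>
    ServerName pro.musehall.com
    DocumentRoot "/path/to/project/web"

    # Copy the incoming Authorization header into the HTTP_AUTHORIZATION
    # environment variable. Symfony's ServerBag reads HTTP_AUTHORIZATION
    # (and REDIRECT_HTTP_AUTHORIZATION) and turns it back into the
    # "authorization" request header that the JWT guard looks for.
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

    # Equivalent with mod_rewrite (use one of the two, not both):
    # RewriteEngine On
    # RewriteCond %{HTTP:Authorization} ^(.*)
    # RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]

    <Directory "/path/to/project/web">
        # Apache 2.4.13+ when PHP runs as CGI/FastCGI: let the
        # Authorization header through to the script environment.
        CGIPassAuth On
    </Directory>
</VirtualHost>
```

After reloading Apache, repeat the same Postman request and confirm that `["authorization"]` now appears in the production `HeaderBag` dump as it does locally.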