From 935b1e529194647c047deb23f7c6c8c8e7677c30 Mon Sep 17 00:00:00 2001
From: Milton Reder
Date: Fri, 17 May 2024 15:53:59 -0400
Subject: [PATCH] Allow lowercase auth header
---
 auth.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/auth.php b/auth.php
index f2511c3..585a2a6 100755
--- a/auth.php
+++ b/auth.php
@@ -84,6 +84,8 @@ private function attempt_jwt_login() {
 $headers = apache_request_headers();
 if (isset($headers['Authorization'])) {
 $authHeader = $headers['Authorization'];
+ } else if (isset($headers['authorization'])) {
+ $authHeader = $headers['authorization'];
 }
 }
@@ -96,21 +98,24 @@ private function attempt_jwt_login() {
 if (isset($_SERVER['Authorization'])) {
 $authHeader = $_SERVER['Authorization'];
 }
+ else if (isset($_SERVER['authorization'])) {
+ $authHeader = $_SERVER['authorization'];
+ }
 else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
 $authHeader = $_SERVER['HTTP_AUTHORIZATION'];
- }
+ }
 }
 if (!isset($authHeader)) return;
-
+
 $payload = $this->parse_jwt_component($authHeader);
 if (is_null($payload)) return;
-
+
 /**
 * We allow the environment to specify whether to perform an issuer check.
- *
+ *
 * For some environments, this will be necessary, but for ADL's P1 deployment
 * this doesn't add any extra security.
 */
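Review bot: The header lookup in the first hunk now matches exactly two spellings, `Authorization` and `authorization`, but HTTP field names are case-insensitive, so a client or proxy that sends `AUTHORIZATION` or any mixed-case form still falls through this branch. Normalising the keys once removes the per-spelling branches: `$headers = array_change_key_case(apache_request_headers(), CASE_LOWER);` followed by a single `if (isset($headers['authorization'])) { $authHeader = $headers['authorization']; }`. attempt_jwt_login() starts and ends outside this hunk, so whether the later `$_SERVER` fallback catches the remaining spellings in every deployment cannot be confirmed from here.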
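Review bot: The new `$_SERVER['authorization']` branch in the second hunk reads a key that PHP does not derive from a request header (headers land in `$_SERVER` as upper-cased `HTTP_*` entries), so it presumably fires only when the web server or process environment exports a variable under that exact name, and it is consulted before `HTTP_AUTHORIZATION`. If that is intended, a comment such as `// populated by server config in <deployment>, not taken from the client request` would record which setup needs it; otherwise test `HTTP_AUTHORIZATION` first so the value from the actual request wins over an environment-supplied one. Setups that rewrite requests commonly expose the header as `REDIRECT_HTTP_AUTHORIZATION`, which this chain still does not check. The remaining changes in the hunk are trailing-whitespace cleanup, and the function body continues outside it.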