protected function getBearerTokenFromHeaders(Request $request, $removeFromRequest)
{
$header = null;
if (!$request->headers->has('AUTHORIZATION')) {
// The Authorization header may not be passed to PHP by Apache;
// Trying to obtain it through apache_request_headers()
if (function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (is_array($headers)) {
// Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
$headers = array_combine(array_map('ucwords', array_keys($headers)), array_values($headers));
if (isset($headers['Authorization'])) {
$header = $headers['Authorization'];
}
}
}
} else {
$header = $request->headers->get('AUTHORIZATION');
}
if (!$header) {
return null;
}
if (!preg_match('/' . preg_quote(self::TOKEN_BEARER_HEADER_NAME, '/') . '\\s(\\S+)/', $header, $matches)) {
return null;
}
$token = $matches[1];
if ($removeFromRequest) {
$request->headers->remove('AUTHORIZATION');
}
return $token;
}