Merge pull request WP-API#35 from jtsternberg/master

Check auth headers in multiple locations

Author: rmccue

lib/class-wp-json-authentication-oauth1.php

@@ -60,19 +60,33 @@ public function parse_header( $header ) {
 
 	}
 
+	public function retrieve_authorization_headers() {
+		$auth_headers = ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ? $_SERVER['HTTP_AUTHORIZATION'] : false;
+
+		if ( ! $auth_headers && function_exists( 'apache_request_headers' ) ) {
+			$all_headers = apache_request_headers();
+
+			$auth_headers = array_key_exists( 'Authorization', $all_headers ) ? $all_headers['Authorization'] : false;
+		}
+
+		return $auth_headers;
+	}
+
 	public function get_parameters( $require_token = true, $extra = array() ) {
 		$params = array_merge( $_GET, $_POST );
 		$params = wp_unslash( $params );
 
-		if ( ! empty( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
-			$header = wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] );
+		$auth_headers = $this->retrieve_authorization_headers();
+
+		if ( ! empty( $auth_headers ) ) {
+			$auth_headers = wp_unslash( $auth_headers );
 
 			// Trim leading spaces
-			$header = trim( $header );
+			$auth_headers = trim( $auth_headers );
 
-			$header_params = $this->parse_header( $header );
-			if ( ! empty( $header_params ) ) {
-				$params = array_merge( $params, $header_params );
+			$auth_header_params = $this->parse_header( $auth_headers );
+			if ( ! empty( $auth_header_params ) ) {
+				$params = array_merge( $params, $auth_header_params );
 			}
 		}
 
@@ -504,6 +518,7 @@ public function revoke_access_token( $key ) {
 	 * @return boolean|WP_Error True on success, error otherwise
 	 */
 	protected function check_oauth_signature( $consumer, $oauth_params, $token = null ) {
+
 		$http_method = strtoupper( $_SERVER['REQUEST_METHOD'] );
 
 		switch ( $http_method ) {