Merge branch 'auth-header' into 2.x

Refs #9229

lib/Cake/Network/CakeRequest.php

@@ -397,7 +397,7 @@ class CakeRequest implements ArrayAccess {
 
 /**
  * Get the content type used in this request.
- * 
+ *
  * @return string
  */
 	public function contentType() {
@@ -748,7 +748,13 @@ class CakeRequest implements ArrayAccess {
  * @return mixed Either false on no header being set or the value of the header.
  */
 	public static function header($name) {
-		$name = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
+		$name = strtoupper(str_replace('-', '_', $name));
+		$httpName = 'HTTP_' . $name;
+		if (isset($_SERVER[$httpName])) {
+			return $_SERVER[$httpName];
+		}
+		// Work around Apache issues where 'Authorization' is not
+		// passed to PHP.
 		if (isset($_SERVER[$name])) {
 			return $_SERVER[$name];
 		}

lib/Cake/Test/Case/Network/CakeRequestTest.php

@@ -148,7 +148,7 @@ class CakeRequestTest extends CakeTestCase {
 
 /**
  * Test the content type method.
- * 
+ *
  * @return void
  */
 	public function testContentType() {
@@ -1147,11 +1147,13 @@ class CakeRequestTest extends CakeTestCase {
 		$_SERVER['HTTP_X_THING'] = '';
 		$_SERVER['HTTP_HOST'] = 'localhost';
 		$_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-ca) AppleWebKit/534.8+ (KHTML, like Gecko) Version/5.0 Safari/533.16';
+		$_SERVER['AUTHORIZATION'] = 'foobar';
 		$request = new CakeRequest('/', false);
 
 		$this->assertEquals($_SERVER['HTTP_HOST'], $request->header('host'));
 		$this->assertEquals($_SERVER['HTTP_USER_AGENT'], $request->header('User-Agent'));
 		$this->assertSame('', $request->header('X-thing'));
+		$this->assertEquals($_SERVER['AUTHORIZATION'], $request->header('Authorization'));
 	}
 
 /**