Issue #670454 by pwolanin, cburschka, effulgentsia: Support HTTP Authorization in CGI environments.

2 files changed, 6 insertions, 0 deletions

diff --git a/.htaccess b/.htaccess
index 02c56f86c..7ccb6a2f6 100644
--- a/.htaccess
+++ b/.htaccess
@@ -63,6 +63,10 @@ DirectoryIndex index.php index.html index.htm
   RewriteCond %{HTTPS} on
   RewriteRule ^ - [E=protossl:s]
 
+  # Make sure Authorization HTTP header is available to PHP
+  # even when running as CGI or FastCGI.
+  RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
   # Block access to "hidden" directories whose names begin with a period. This
   # includes directories used by version control systems such as Subversion or
   # Git to store control files. Files whose names begin with a period, as well
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index e9fc50261..f9f429da9 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,8 @@
 
 Drupal 7.23, xxxx-xx-xx (development version)
 -----------------------
+- Changed the default .htaccess file to support HTTP authorization in CGI
+  environments.
 - Changed the password reset form to pre-fill the username when requested via a
   URL query parameter, and used this in the error message that appears after a
   failed login attempt (minor data structure and behavior change).