[Catalyst] Providing a REST API from behind Apache/FastCGI?

Dan Lowe dan at tangledhelix.com
Fri Nov 8 20:54:44 GMT 2013

I have begun development of a RESTful API (using Catalyst::Controller::REST), intending to authenticate with basic HTTP authentication. Using the myproject_server.pl debug server, everything works fine. I send the GET, an Authorization: and an Accept: header, and I get a 200 response followed by JSON result.

When I move this from dev to test, which means it goes behind mod_fastcgi, it stops working. Every request gets back 401 Unauthorized. As far as I can tell, the Authorization header is not being passed through to Catalyst.

Note that my main interactive application uses HTML form auth and cookies/sessions, so this is our first use case involving HTTP basic authentication.

Things I have already tried:

1. "Adding -pass-header Authorization" to the FastCgiExternalServer parameter in httpd.conf

tcpdump tells me that the "Authorization: Basic xxxxxxx" is being sent to the server on port 4900, but it never actually gets through to where my req object can use it, e.g. $c->req->header('Authorization') is undef.

2. Rewriting the Authorization header as an env var

RewriteCond %{HTTP:Authorization} ^(.+)
RewriteRule ^(.*)$ $1 [E=HTTP_AUTHORIZATION:%1,PT]

This turns out not to help because the environment seen by the fastcgi server is that of the user who started it, not the environment Apache is running in. Dumping the contents of %ENV shows that this env var is not available to Catalyst.

3. SSLOptions +StdEnvVars

See #2, it sets env vars in the wrong environment.

Has anyone had this problem and knows of some solution? I'm out of ideas at this point...


More information about the Catalyst mailing list