I'm developing a PHP-based API and use a custom header for authentication.
It works perfectly for clients using ipv4. But somehow, a part of the custom header is missing at arrival at the php server when clients use ipv6.
In Chrome, I can see that the header contains the value (by using the networking tab) when it is sent to the server. But somehow it is missing at arrival at the server side. But only when using ipv6.
Client (React.js + Axios):
axios.defaults.headers.common["CUSTOM_HEADER"] = "test";
axios.get(url);
To access the value of the custom header in php, I use the following in my .htaccess file.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, CUSTOM_HEADER"
RewriteRule .* - [E=HTTP_CUSTOM_HEADER:%{HTTP:CUSTOM_HEADER}]
In PHP:
$test = $_SERVER["HTTP_CUSTOM_HEADER"]; // this is empty (but only for IPV6!)
In php, I checked the entire $_SERVER variable (to see if it was included differently), but somehow when calling from ipv6, the value is completely missing.
The Linux server uses Apache.
Does anyone have a clue?
It turns out that it wasn't code related.
The hosting company used different load balancing servers/proxy for IPV6. These were differently configured (the load balancing server used by ipv6 strips the custom headers).
What I learned: avoid custom headers and use as much official (IANA) http headers, because these have a better chance to survive the transmission from client to server.