2018-05-16 UTC
# Zegnat Or: (some?) Apache server try to be helpful and will parse the content of the Authorization header and only pass along the parsed outcome to the PHP process. This is fine when it means PHP gets the HTTP Basic Auth credentials pre-parsed and ready to be used. But when parsing fails (e.g. for Bearer tokens) Apache decides not to pass along anything.