2018-05-17 UTC
# Zegnat GWG: basically what my diag tool does is POST to an endpoint it controls. The post body includes the expected authorization header content, and the actual header gets send as well. Then the test endpoint just returns a JSON of where in $_SERVER / getallheaders it was able to find the auth: https://gist.github.com/Zegnat/f4192c3cce05d847af3547eea80e383c#file-authdiag-php-L3-L20