升级到PHP 5.5.1和apache 2.4.6后,检查某些标题现在已经中断了(具体来说,检查HTTP_X_REQUESTED_WITH).
通过进一步测试,我注意到任何包含下划线的自定义标题都被忽略(这意味着它不会显示在PHP的$_SERVER数组中).所以如果我添加一个名为my-header的头,它可以作为$_SERVER [‘HTTP_MY_HEADER’]使用,但是如果我尝试添加一个头my_header,那么它在$_SERVER中不可用.
这是apache 2.4中的一个记录功能.见
httpd.apache.org/docs/trunk/new_features_2_4.html
Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped.