# CodeAlert API — keep the Authorization header.
# Many cPanel servers run PHP as CGI/FastCGI which drops this header,
# breaking token logins. These rules pass it through to PHP.

<IfModule mod_setenvif.c>
    SetEnvIf Authorization "(.+)" HTTP_AUTHORIZATION=$1
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
