PHP has a useful getallheaders() method that returns a request’s HTTP headers as an array. I was using this for my organization’s CMS to check the origin of a request so I could enable CORS for whitelisted origins. It worked fine on my local machine, but when I deployed it to production it returned a 500 error. The only difference between my local installation of the CMS and the production environment is that I’m running Apache on my machine, but the server is running NGINX.

After some digging, I discovered that getallheaders() is an alias for apache_request_headers(), which until PHP version 5.4 was, as the method name suggest, only supported if PHP was running under an Apache web server. According to the PHP manual it’s supposed to now be supported under FastCGI, which is used by our CMS in production, so I think there must be something else at play here.