Reputation: 2194
Nginx and uWSGI stripping HTTP_AUTHORIZATION
I am working with an API and it seems that Nginx and uWSGI are removing the HTTP_AUTHORIZATION header that I pass.
I send a curl POST to my API server which runs Django. When I have Django print out a list of request.META I see that HTTP_AUTHORIZATION is missing.
Nginx config contains these:
uwsgi_pass_header HTTP_AUTHORIZATION;
uwsgi_pass_request_headers on;
But doing these two passes doesn't seem to have any affect.
Any idea why there is this stripping... is it happening at the Nginx level, the uWSGI level, or the Django level?
Upvotes: 4
Views: 6396
Answers (2)
Reputation: 209
I had a similar issue, and added the following settings to the location part of my nginx config:
uwsgi_pass_header Authorization;
uwsgi_pass_request_headers on;
Notice the value I used for uwsgi_pass_header is Authorization.
With these settings, my app to start receiving auth headers without warnings from nginx.
Upvotes: -1
Reputation: 1514
Try to change the underscore in HTTP_AUTHORIZATION to a dash HTTP-AUTHORIZATION in your curl post.
Per default nginx marks headers with underscores as invalid and ignores invalid headers.
You can use nginx directives to either allow underscores in headers with underscores_in_headers on; or don't ignore invalid header with ignore_invalid_headers off;.
Upvotes: 5
Related Questions
- Nginx password authentication keeps prompting for password
- nginx + uwsgi + django open uwsgi_params failed (13: permission denied)
- Django login doesn't work with uwsgi/nginx
- Django uWSGI NGINX Bad Request 400
- uwsgi http is ambiguous
- Handling PUT requests returning 403 errors with Django Rest Framework, nginx and uwsgi
- uWSGI + Nginx, uWSGI can't receive request
- Login doesn't work with Django + nginx + uwsgi
- nginx and uWSGI obtain authentication data in Python
- django with nginx + uwsgi