Reputation: 6068
HTTP_AUTHORIZATION header in Django
I wrote a simple check in django which requires an access token to be passed along in some requests (I'm using a decorator).
authorization = request.META.get('HTTP_AUTHORIZATION', None)
# Forbid access when no access token, or an invalid one, is provided
form = AccessTokenForm({ 'access_token': authorization })
if not form.is_valid():
raise exceptions.HttpDeniedException()
This has been working fine with django's development server, but recently I deployed using Apache and now it doesn't work anymore, as the authorisation variable is None. Has anyone faced something similiar before? The client is passing the header as Authorization; again, this is working fine in localhost, but not on the remote server.
Edit: I found this, and it seems that it should work, but it doesn't. Actually, I didn't even have an .htaccess file, and adding one doesn't seem to have taken any effect at all. Here are the contents:
RewriteEngine On
RewriteRule ^(media/.*)$ - [L]
RewriteRule ^(static/.*)$ - [L]
RewriteCond %{REQUEST_URL} !(dispatch.fcgi)
RewriteRule ^(.*)$ dispatch.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
The thing is, I'm not even sure Apache is using this at all..
Upvotes: 5
Views: 5653
Answers (1)
Reputation: 6068
It seems there's a ticket for this issue here. Just add the following to apache2.conf:
WSGIPassAuthorization on
Upvotes: 7
Related Questions
- Apache strips down "Authorization" header
- Authorization header of GET request in python/wsgi
- Django: Rest Framework authenticate header
- Django: custom http header authentification
- Authorization header missing in django rest_framework, is apache to blame?
- Django how to pass basic authorization headers in requests?
- Django TokenAuthentication missing the 'Authorization' http header
- Using HTTP Authorization header in python
- How to send a HTTP Header request rather than HTTP URL in Python
- Authentication with Python, Apache, and mod_wsgi