hagay
Reputation: 85
Django: Got 403 when using Oauth2 and SSL
I am using Django 1.6 with Oauth2 (django-oauth-toolkit) and the site is SSL secure via apache.
- When i get a token and using it without SSL - I reach the api and get 200.
- If the token is not valid, i get 403, as expected. OK.
- when i use the SSL without the Oauth2 - it's also pass OK.
But when i use them together SSL and Oauth I get 403.
Can someone give me a clue what am i missing?
Thanks in advances
Hagay.
Upvotes: 0
Views: 435
Answers (1)
Brendan Quinn
Reputation: 2249
If you're getting strange issues with HTTP authorization under Apache/WSGI/Django, but not when running manage.py runserver, you might need this command in your Apache site config:
WSGIPassAuthorization on
If the setting is not switched on, then WSGI "swallows" all authorization headers and doesn't pass them on to your Python code, apparently for security reasons.
See the WSGI module docs for more information.
Upvotes: 2
Related Questions
- 403 error with Django-Rest-Framework and Django-Oauth-Toolkit in client_credentials mode
- HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2
- Getting 403 response in test script using Django REST and OAuth2
- Django 403 Forbidden Error
- Unable to use OAUTH2 Django
- Django with mod_wsgi returns 403 error
- How can I fix a 403 forbidden on an apache server using Django?
- Apache Django "client denied by server configuration" error
- Django AllAuth gives SSLError
- Django authentication failing with a 403 with no detailed message