Reputation: 1136
I'm in the process of creating a POST/GET API in Python 3. I'm running Apache2 connected to a WSGI script. I've managed to retrieve very simple GET requests successfully. My code so far:
def application(environ, start_response):
    status = '200 OK'
    output = b'Hello'
    # Dump the full WSGI environ for inspection
    print(environ)
    # print(environ['HTTP_AUTHORIZATION'])
    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)
    return [output]
I use reqbin to test-send GET requests to my server. When you enter a token inside the Bearer token field, it is automatically added to the headers. I tested this with a server I have a bearer token for and validation completes successfully, so I know reqbin is actually sending the token.
However, I seem to be unable to access the authorization header on my server. Apparently, it should be inside the environ object prefixed by HTTP_. But printing environ['HTTP_AUTHORIZATION'] yields a KeyError. I then tried printing the full environ object and retrieved it from the apache log:
{
'mod_wsgi.listener_port': '443',
'CONTEXT_DOCUMENT_ROOT': '/var/www/gosharing',
'SERVER_SOFTWARE': 'Apache/2.4.41 (Ubuntu)',
'SCRIPT_NAME': '',
'mod_wsgi.enable_sendfile': '0',
'mod_wsgi.handler_script': '',
'SERVER_SIGNATURE': '<address>Apache/2.4.41 (Ubuntu) Server at domain.ext Port 443</address>\\n',
'REQUEST_METHOD': 'GET',
'PATH_INFO': '/',
'SERVER_PROTOCOL': 'HTTP/1.1',
'QUERY_STRING': '',
'wsgi.errors': <mod_wsgi.Log object at 0x7f0b517c0c10>,
'HTTP_X_REAL_IP': '2a02:a44a:ea1e:1:9053:2c7a:daaa:16',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36',
'SERVER_NAME': 'domain.ext',
'REMOTE_ADDR': '206.189.205.251',
'mod_wsgi.queue_start': '1644325870796726',
'mod_wsgi.request_handler': 'wsgi-script',
'apache.version': (2, 4, 41),
'mod_wsgi.version': (4, 6, 8),
'wsgi.url_scheme': 'https',
'PATH_TRANSLATED': '/var/www/gosharing/gosharing.wsgi/',
'SERVER_PORT': '443',
'mod_wsgi.total_requests': 0L,
'wsgi.multiprocess': False,
'SERVER_ADDR': '185.45.113.35',
'DOCUMENT_ROOT': '/var/www/gosharing',
'mod_wsgi.process_group': 'gosharing',
'mod_wsgi.thread_requests': 0L,
'mod_wsgi.daemon_connects': '1',
'mod_wsgi.request_id': 'sn1scyGWCVM',
'SCRIPT_FILENAME': '/var/www/gosharing/gosharing.wsgi',
'SERVER_ADMIN': 'webmaster@localhost',
'mod_wsgi.ignore_activity': '0',
'wsgi.input': <mod_wsgi.Input object at 0x7f0b48f01030>,
'HTTP_HOST': 'domain.ext',
'CONTEXT_PREFIX': '',
'wsgi.multithread': True,
'mod_wsgi.callable_object': 'application',
'mod_wsgi.daemon_restarts': '0',
'REQUEST_URI': '/',
'HTTP_ACCEPT': '*/*',
'mod_wsgi.path_info': '/',
'wsgi.file_wrapper': <type 'mod_wsgi.FileWrapper'>,
'wsgi.version': (1, 0),
'GATEWAY_INTERFACE': 'CGI/1.1',
'wsgi.run_once': False,
'mod_wsgi.script_name': '',
'REMOTE_PORT': '39762',
'mod_wsgi.listener_host': '',
'REQUEST_SCHEME': 'https',
'SSL_TLS_SNI': 'domain.ext',
'wsgi.input_terminated': True,
'mod_wsgi.script_start': '1644325870815229',
'mod_wsgi.application_group': '',
'mod_wsgi.script_reloading': '1',
'mod_wsgi.thread_id': 1,
'mod_wsgi.request_start': '1644325870796210',
'HTTP_ACCEPT_ENCODING': 'deflate, gzip',
'mod_wsgi.daemon_start': '1644325870800682'
}
In fact, I can add any header on reqbin and be able to see it in my apache log, except for the authorization header. Maybe it is in a more protected place? Please help me out here.
Upvotes: 1
Views: 1051
Reputation: 1136
I figured it out. In your 000-default-le-ssl.conf or 000-default.conf file (depending on whether you use a secure connection or not) you're supposed to turn on authorization passing manually by writing WSGIPassAuthorization On inside your VirtualHost tag:
# or port 80 if you are using an insecure connection
<VirtualHost *:443>
    # [...]
    WSGIPassAuthorization On
    # [...]
</VirtualHost>
Upvotes: 2
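Added example, not part of the question or answer above: a WSGI callable that reads the bearer token once `WSGIPassAuthorization On` is set, and returns 401 instead of raising KeyError when the header is absent. `EXPECTED_TOKEN` and the `bearer_token` helper are hypothetical names, and the token value is constructed for illustration.

```python
import hmac

# Hypothetical, constructed token; load the real secret from configuration.
EXPECTED_TOKEN = "constructed-example-token"


def bearer_token(environ):
    """Return the bearer token from the WSGI environ, or None.

    mod_wsgi withholds the Authorization header unless WSGIPassAuthorization
    is On, so HTTP_AUTHORIZATION may be missing; .get() avoids the KeyError.
    """
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, value = header.partition(" ")
    value = value.strip()
    if scheme.lower() != "bearer" or not value:
        return None
    return value


def application(environ, start_response):
    token = bearer_token(environ)
    # Constant-time comparison avoids leaking the token through timing.
    authorized = token is not None and hmac.compare_digest(
        token.encode(), EXPECTED_TOKEN.encode())

    if authorized:
        status, output, extra = "200 OK", b"Hello", []
    else:
        status, output = "401 Unauthorized", b"Unauthorized"
        extra = [("WWW-Authenticate", "Bearer")]

    # Log only whether the header arrived, never its value: once the header
    # is passed through, print(environ) would write the token to the log.
    print("authorization header present:", "HTTP_AUTHORIZATION" in environ,
          file=environ.get("wsgi.errors"))

    response_headers = [("Content-type", "text/plain"),
                        ("Content-Length", str(len(output)))] + extra
    start_response(status, response_headers)
    return [output]
```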