授权头在Django rest_framework缺失，就是Apache惹的祸？ [英] Authorization header missing in django rest_framework, is apache to blame?

问题描述

我已经成功地延长 TokenAuthentication ，我有一个工作模型使用请求会话来存储我的令牌时，但是当我试图传递授权一样这里描述的头参数 ，我发现我的答复回来没有META变量HTTP_AUTHORIZATION。我也注意到，如果我通过许可2作为头参数，它是在请求可见：

I've managed to extend TokenAuthentication and I have a working model when using the request session to store my tokens, however when I attempt to pass Authorization as a header parameter as described here, I noticed that my Responses come back without the META variable HTTP_AUTHORIZATION. I also noticed that if I pass "Authorization2" as a header parameter that it is visible in the request:

{
    '_content_type': '', 
    'accepted_media_type': 'application/json', 
    '_request': <WSGIRequest
        path:/api/test_auth/,
        GET:<QueryDict: {}>,
        POST:<QueryDict: {}>,
        COOKIES:{
            'MOD_AUTH_CAS_S': 'ba90237b5b6a15017f8ca1d5ef0b95c1',
            'csrftoken': 'VswgfoOGHQmbWpCXksGUycj94XlwBwMh',
            'sessionid': 'de1f3a8eee48730dd34f6b4d41caa210'
        },
        META:{
           'DOCUMENT_ROOT': '/etc/apache2/htdocs',
           'GATEWAY_INTERFACE': 'CGI/1.1',
           'HTTPS': '1',
           'HTTP_ACCEPT': '*/*',
           'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
           'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
           'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8',
           'HTTP_AUTHORIZATION2': 'Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4c',
           ...

我的第一个猜测是，授权头是由阿帕奇删除，我已阅读，指出，Apache将抛出的价值，如果它不符合基本的授权和认证的几个S / O的问题，但我没有知道如何让Authorization头为穿越来的Django和WSGIRequest。有谁知道如何解决这个问题？

My first guess is that the authorization header is being removed by apache, and I have read a few S/O questions that state that apache will throw out the value if it does not match basic authorization and authenticate, but I have no idea how to allow the Authorization header to 'pass through' to Django and the WSGIRequest. Does anyone know how to solve this problem?

我也用mod_auth_cas和mod_proxy的，如果改变任何东西。

I also use mod_auth_cas and mod_proxy, if that changes anything..

推荐答案

不好意思问完之后回答我的问题分钟。但事实证明，这毕竟是Apache2的！爬行网，并通过几个搜索结果看后，我发现这评论：

Sorry to answer my own question minutes after asking it. But it turns out it was apache2 after all! After crawling the webs and looking through a few search results I found this in a comment:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

添加上述行我的conf文件似乎是解决所有我的问题！希望这有助于用户在路上！

Adding the above lines to my conf file seemed to solve all of my problems! Hopefully this helps users down the road!

这篇关于授权头在Django rest_framework缺失，就是Apache惹的祸？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！