阿帕奇剥离下来＆QUOT;授权＆QUOT;头 [英] Apache strips down "Authorization" header

问题描述

我在与我的Apache 2.2.15服务器有点问题。
我正在与mod_wsgi的它的顶部有一个Django应用程序。我激活 WSGIPassAuthorization在，这使得基本身份验证运作良好。但我最近实施的OAuth2.0，以确保我的API（隐格兰特），我认为Apache不会让它通过，因为它的形式是授权：承载令牌。在承载是我猜的问题，虽然我不知道如何避免这一点。

我试过：

  RewriteEngine叙述在
的RewriteCond％{HTTP：授权} ^（。*）
。重写规则*  -  [E = HTTP_AUTHORIZATION：％1]
 

在httpd.conf中，htaccess的（设置在的AllowOverride全部），并在我的虚拟主机。无事可做，不能正常工作。
我爬在网上整天，并没有发现任何东西，但这些两种解决方案。

感谢你在前进！

编辑：

 操作系统：RedHatEL6.4
阿帕奇：2.2.15
Django的：1.6.6瓦特/ Django的OAuth的工具包
的Python：2.7.8
 

解决方案

我解决我的问题，最终是完全无关的我的Apache配置。所以，如果你发现这个话题寻找一个答案，同样的问题，下面的解决方案之一应该修复它：

配置WSGI：

  WSGIPAssAuthorization开
 

配置的.htaccess：

  RewriteEngine叙述在
的RewriteCond％{HTTP：授权} ^（。*）
。重写规则*  -  [E = HTTP_AUTHORIZATION：％1]
 

您可以把这些都变成你的httpd / conf.d / project.conf文件！

I'm having a little issue with my Apache 2.2.15 Server. I'm running a Django app on top of it with mod_wsgi. I activated WSGIPassAuthorization On, which made the Basic auth working well. But I recently implemented OAuth2.0 to secure my API (Implicit Grant), and I think Apache won't let it pass since it is of the form "Authorization: Bearer token". The "Bearer" is the issue I guess, though I don't know how to avoid that.

I tried :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

In the httpd.conf, .htaccess (after setting AllowOverride All), and in my vhost. Nothing to do, doesn't work. I've crawled the Internet all day long, and didn't find anything but those two solutions.

Thank you in advance !

EDIT:

OS : RedHatEL6.4
Apache : 2.2.15
Django: 1.6.6 w/ django-oauth-toolkit
Python: 2.7.8

解决方案

I solved my problem, which finally was totally unrelated to my Apache configuration. So if you found this topic looking for an answer to the same problem, one of the solutions below should fix it :

Config WSGI :

WSGIPAssAuthorization On

Config .htaccess :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

You can put both of those into your httpd/conf.d/project.conf file !

这篇关于阿帕奇剥离下来＆QUOT;授权＆QUOT;头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！