django rest_framework 中缺少授权标头，是 apache 的错吗? [英] Authorization header missing in django rest_framework, is apache to blame?

问题描述

我设法扩展了 TokenAuthentication 并且在使用请求会话存储令牌时有一个工作模型，但是当我尝试将 Authorization 作为标头传递时参数 如此处所述，我注意到我的响应返回时没有 META 变量HTTP_AUTHORIZATION.我还注意到，如果我将Authorization2"作为标头参数传递，则它在请求中可见:

I've managed to extend TokenAuthentication and I have a working model when using the request session to store my tokens, however when I attempt to pass Authorization as a header parameter as described here, I noticed that my Responses come back without the META variable HTTP_AUTHORIZATION. I also noticed that if I pass "Authorization2" as a header parameter that it is visible in the request:

{
    '_content_type': '', 
    'accepted_media_type': 'application/json', 
    '_request': <WSGIRequest
        path:/api/test_auth/,
        GET:<QueryDict: {}>,
        POST:<QueryDict: {}>,
        COOKIES:{
            'MOD_AUTH_CAS_S': 'ba90237b5b6a15017f8ca1d5ef0b95c1',
            'csrftoken': 'VswgfoOGHQmbWpCXksGUycj94XlwBwMh',
            'sessionid': 'de1f3a8eee48730dd34f6b4d41caa210'
        },
        META:{
           'DOCUMENT_ROOT': '/etc/apache2/htdocs',
           'GATEWAY_INTERFACE': 'CGI/1.1',
           'HTTPS': '1',
           'HTTP_ACCEPT': '*/*',
           'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
           'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
           'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8',
           'HTTP_AUTHORIZATION2': 'Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4c',
           ...

我的第一个猜测是授权标头正在被 apache 删除，我已经阅读了一些 S/O 问题，这些问题指出如果它与基本授权和身份验证不匹配，apache 将抛出该值，但我没有了解如何允许 Authorization 标头通过"到 Django 和 WSGIRequest.有谁知道如何解决这个问题?

My first guess is that the authorization header is being removed by apache, and I have read a few S/O questions that state that apache will throw out the value if it does not match basic authorization and authenticate, but I have no idea how to allow the Authorization header to 'pass through' to Django and the WSGIRequest. Does anyone know how to solve this problem?

我也使用 mod_auth_cas 和 mod_proxy，如果这有什么改变的话..

I also use mod_auth_cas and mod_proxy, if that changes anything..

推荐答案

很抱歉在问了几分钟后才回答我自己的问题.但事实证明它毕竟是apache2！在抓取网页并查看一些搜索结果后，我在评论中发现了这一点:

Sorry to answer my own question minutes after asking it. But it turns out it was apache2 after all! After crawling the webs and looking through a few search results I found this in a comment:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

将以上几行添加到我的 conf 文件中似乎解决了我所有的问题！希望这对用户有所帮助！

Adding the above lines to my conf file seemed to solve all of my problems! Hopefully this helps users down the road!

这篇关于django rest_framework 中缺少授权标头，是 apache 的错吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！