Apache 剥离了“授权"标题 [英] Apache strips down "Authorization" header

问题描述

我的 Apache 2.2.15 服务器有一个小问题.我正在使用 mod_wsgi 在它上面运行一个 Django 应用程序.我激活了 WSGIPassAuthorization On，这使得 Basic auth 运行良好.但是我最近实现了 OAuth2.0 来保护我的 API(隐式授权)，我认为 Apache 不会让它通过，因为它是授权:不记名令牌"的形式.Bearer"是我猜的问题，虽然我不知道如何避免.

I'm having a little issue with my Apache 2.2.15 Server. I'm running a Django app on top of it with mod_wsgi. I activated WSGIPassAuthorization On, which made the Basic auth working well. But I recently implemented OAuth2.0 to secure my API (Implicit Grant), and I think Apache won't let it pass since it is of the form "Authorization: Bearer token". The "Bearer" is the issue I guess, though I don't know how to avoid that.

我试过了:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

在 httpd.conf、.htaccess(在设置 AllowOverride All 之后)和我的虚拟主机中.无事可做，行不通.我在网上爬了一整天，除了这两个解决方案之外没有找到任何东西.

In the httpd.conf, .htaccess (after setting AllowOverride All), and in my vhost. Nothing to do, doesn't work. I've crawled the Internet all day long, and didn't find anything but those two solutions.

先谢谢你！

OS : RedHatEL6.4
Apache : 2.2.15
Django: 1.6.6 w/ django-oauth-toolkit
Python: 2.7.8

推荐答案

我解决了我的问题，最终与我的 Apache 配置完全无关.因此，如果您发现此主题正在寻找同一问题的答案，则以下解决方案之一应该可以解决此问题:

I solved my problem, which finally was totally unrelated to my Apache configuration. So if you found this topic looking for an answer to the same problem, one of the solutions below should fix it :

配置WSGI:

WSGIPAssAuthorization On

配置.htaccess:

Config .htaccess :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

你可以把这两个都放到你的 httpd/conf.d/project.conf 文件中！

You can put both of those into your httpd/conf.d/project.conf file !

这篇关于Apache 剥离了“授权"标题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！