django rest_framework 中缺少授权标头,是 apache 的错吗? [英] Authorization header missing in django rest_framework, is apache to blame?
问题描述
我设法扩展了 TokenAuthentication
并且在使用请求会话存储令牌时有一个工作模型,但是当我尝试将 Authorization
作为标头传递时参数 如此处所述,我注意到我的响应返回时没有 META 变量HTTP_AUTHORIZATION.我还注意到,如果我将Authorization2"作为标头参数传递,则它在请求中可见:
I've managed to extend TokenAuthentication
and I have a working model when using the request session to store my tokens, however when I attempt to pass Authorization
as a header parameter as described here, I noticed that my Responses come back without the META variable HTTP_AUTHORIZATION. I also noticed that if I pass "Authorization2" as a header parameter that it is visible in the request:
{
'_content_type': '',
'accepted_media_type': 'application/json',
'_request': <WSGIRequest
path:/api/test_auth/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{
'MOD_AUTH_CAS_S': 'ba90237b5b6a15017f8ca1d5ef0b95c1',
'csrftoken': 'VswgfoOGHQmbWpCXksGUycj94XlwBwMh',
'sessionid': 'de1f3a8eee48730dd34f6b4d41caa210'
},
META:{
'DOCUMENT_ROOT': '/etc/apache2/htdocs',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTPS': '1',
'HTTP_ACCEPT': '*/*',
'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8',
'HTTP_AUTHORIZATION2': 'Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4c',
...
我的第一个猜测是授权标头正在被 apache 删除,我已经阅读了一些 S/O 问题,这些问题指出如果它与基本授权和身份验证不匹配,apache 将抛出该值,但我没有了解如何允许 Authorization 标头通过"到 Django 和 WSGIRequest.有谁知道如何解决这个问题?
My first guess is that the authorization header is being removed by apache, and I have read a few S/O questions that state that apache will throw out the value if it does not match basic authorization and authenticate, but I have no idea how to allow the Authorization header to 'pass through' to Django and the WSGIRequest. Does anyone know how to solve this problem?
我也使用 mod_auth_cas 和 mod_proxy,如果这有什么改变的话..
I also use mod_auth_cas and mod_proxy, if that changes anything..
推荐答案
很抱歉在问了几分钟后才回答我自己的问题.但事实证明它毕竟是apache2!在抓取网页并查看一些搜索结果后,我在评论中发现了这一点:
Sorry to answer my own question minutes after asking it. But it turns out it was apache2 after all! After crawling the webs and looking through a few search results I found this in a comment:
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
将以上几行添加到我的 conf 文件中似乎解决了我所有的问题!希望这对用户有所帮助!
Adding the above lines to my conf file seemed to solve all of my problems! Hopefully this helps users down the road!
这篇关于django rest_framework 中缺少授权标头,是 apache 的错吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!