Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

django - Apache strips down "Authorization" header

I'm having a little issue with my Apache 2.2.15 Server. I'm running a Django app on top of it with mod_wsgi. I activated WSGIPassAuthorization On, which made the Basic auth working well. But I recently implemented OAuth2.0 to secure my API (Implicit Grant), and I think Apache won't let it pass since it is of the form "Authorization: Bearer token". The "Bearer" is the issue I guess, though I don't know how to avoid that.

I tried :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

In the httpd.conf, .htaccess (after setting AllowOverride All), and in my vhost. Nothing to do, doesn't work. I've crawled the Internet all day long, and didn't find anything but those two solutions.

Thank you in advance !

EDIT:

OS : RedHatEL6.4
Apache : 2.2.15
Django: 1.6.6 w/ django-oauth-toolkit
Python: 2.7.8
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

I solved my problem, which finally was totally unrelated to my Apache configuration. So if you found this topic looking for an answer to the same problem, one of the solutions below should fix it :

Config WSGI :

WSGIPAssAuthorization On

Config .htaccess :

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

You can put both of those into your httpd/conf.d/project.conf file !


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...