我已经成功扩展了TokenAuthentication,并且在使用请求 session 存储我的 token 时有一个工作模型,但是当我尝试将Authorization作为 header 传递时参数as described here ,我注意到我的响应返回时没有 META 变量 HTTP_AUTHORIZATION。我还注意到,如果我将“Authorization2”作为 header 参数传递,它在请求中可见:
{
'_content_type': '',
'accepted_media_type': 'application/json',
'_request': <WSGIRequest
path:/api/test_auth/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{
'MOD_AUTH_CAS_S': 'ba90237b5b6a15017f8ca1d5ef0b95c1',
'csrftoken': 'VswgfoOGHQmbWpCXksGUycj94XlwBwMh',
'sessionid': 'de1f3a8eee48730dd34f6b4d41caa210'
},
META:{
'DOCUMENT_ROOT': '/etc/apache2/htdocs',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTPS': '1',
'HTTP_ACCEPT': '*/*',
'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3',
'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8',
'HTTP_AUTHORIZATION2': 'Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4c',
...
我的第一个猜测是授权 header 被 apache 删除,并且我已经阅读了一些 S/O 问题,这些问题指出如果该值与基本授权和身份验证不匹配,apache 将抛出该值,但我没有想法如何允许授权 header “传递”到 Django 和 WSGIRequest。有谁知道如何解决这个问题吗?
我还使用 mod_auth_cas 和 mod_proxy,如果这会改变什么的话..
最佳答案
如果您使用 Apache 和 mod_wsgi,那么我在 Django REST 框架官方网站中找到了简单的解决方案
Apache mod_wsgi specific configuration
Note that if deploying to Apache using mod_wsgi, the authorization header is not passed through to a WSGI application by default, as it is assumed that authentication will be handled by Apache, rather than at an application level.
If you are deploying to Apache, and using any non-session based authentication, you will need to explicitly configure mod_wsgi to pass the required headers through to the application. This can be done by specifying the WSGIPassAuthorization directive in the appropriate context and setting it to 'On'.
# this can go in either server config, virtual host, directory or .htaccess
WSGIPassAuthorization On
关于apache - django Rest_framework 中缺少授权 header ,是 apache 的错吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13387516/