发表新帖
发表新帖

Apache strips down “Authorization” header

后端 未结
关注
2 1045
栀梦
栀梦 2020-12-03 01:44

I\'m having a little issue with my Apache 2.2.15 Server. I\'m running a Django app on top of it with mod_wsgi. I activated WSGIPassAuthorization On, which made

相关标签:
2条回答
  • 温柔的废话
    2020-12-03 02:17

    Several modules will strip the Authorization header to try to enhance security by preventing scripts from seeing usernames, passwords, etc... unless the developer explicitly enables this. Many of these modules will allow this header if you simply add the following line to .htaccess: CGIPassAuth on (source: Apache docs and StackOverflow)

    0 讨论(0)
  • 失恋的感觉
    2020-12-03 02:28

    I solved my problem, which finally was totally unrelated to my Apache configuration. So if you found this topic looking for an answer to the same problem, one of the solutions below should fix it :

    Config WSGI : 

    WSGIPAssAuthorization On

    Config .htaccess :

    RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

    You can put both of those into your httpd/conf.d/project.conf file !

    0 讨论(0)
 看不清?
提交回复
热议问题