如何使用 python 获取客户端在请求标头中插入的新参数？

Question

I have a curl request as:

curl --location --request POST 'http://127.0.0.1:8000/hit_api/' \
--header 'x-access-token: xxxx' \
--header 'HTTP_APP: "abcd123"'

Now I want to obtain the string: abcd123 from the HTTP_APP param inserted by the requester.

I tried with:

print(request.META)
    
if "HTTP_APP" not in request.META:

   return JsonResponse({
     'success': False,
     'message': 'HTTP_APP not found in Headers'
   })

And I get only the above JsonResponse because it's not printing the HTTP_APP from the headers.

request.META output:

{'TMPDIR': '/var/folders/07//T/', 'XPC_FLAGS': '0x0', 'TERM_PROGRAM_VERSION': '433', 'TERM_PROGRAM': 'Apple_Terminal', 'XPC_SERVICE_NAME': '0', 'TERM_SESSION_ID': '63385300-42FE-4D88-862B-6A55FD4FE263', 'TERM': 'xterm-256color', '
SSH_AUTH_SOCK': '/private/tmp/com.apple.launchd.bLmUMoeIe0/Listeners', 'SHELL': '/bin/zsh', 'HOME': '/Users/servify', 'LOGNAME': '', 'USER': '', 'PATH': '/Users/servify/Desktop/virtualenvs/crackdenv/bin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Library/Frameworks/Python.framework/Versions/3.7/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin', 'SHLVL': '1', 'PWD': '/Users/servify/Desktop/crackd-api', 'OLDPWD': '/Users/Desktop/virtualenvs', 'VIRTUAL_ENV': '/Users/servify/Desktop/virtualenvs/abcenv, 'PS1': '(crackdenv) %n@%m %1~ %# ', 'ABC_ENV': 'development', 'LC_CTYPE': 'UTF-8', '
_': '/Users/servify/Desktop/virtualenvs/abcenv/bin/python', '__CF_USER_TEXT_ENCODING': '0x1F6:0x0:0x0', '__PYVENV_LAUNCHER__': '/Users/Desktop/virtualenvs/crackdenv/bin/python', 'DJANGO_SETTINGS_MODULE': 'server.settings', 'TZ': 'UTC', 'RUN_MAIN': 'true', 'SERVER_NAME': '1.0.0.127.in-addr.arpa', 'GATEWAY_INTERFACE': 'CGI/1.1', 'SERVER_PORT': '8000', 'REMOTE_HOST': '', 'CONTENT_LENGTH': '0', 'SCRIPT_NAME': '', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SOFTWARE': 'WSGIServer/0.2', 'REQUEST_METHOD': 'POST', 'PATH_INFO': '/get_config/', 'QUERY_STRING': '', 'REMOTE_ADDR': '127.0.0.1', 
'CONTENT_TYPE': 'text/plain', 'HTTP_X_ACCESS_TOKEN': '', 'HTTP_USER_AGENT': 'PostmanRuntime/7.26.1', 'HTTP_ACCEPT': '*/*', 'HTTP_POSTMAN_TOKEN': '', 'HTTP_HOST': '127.0.0.1:8000', 'HTTP_ACCEPT_ENCODING': 'gzip, deflate, br', 'HTTP_CONNECTION': 'keep-alive', 'wsgi.input': <_io.BufferedReader name=11>, 'wsgi.errors': <_io.TextIOWrapper name='<stderr>' mode='w' encoding='UTF-8'>, 'wsgi.version': (1, 0), 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.multithread': True, 'wsgi.multiprocess': False, 'wsgi.file_wrapper': <class 'wsgiref.util.FileWrapper'>}

I'm using Django 2.1.2 so cannot use request.headers as per the documentation: https://docs.djangoproject.com/en/3.0/ref/request-response/#attributes

Can someone please guide me on how to get the custom header parameter?

Thanks

Answer 1

If you are using django-cors-headers library, you have to first allow custom headers, otherwise they will be neglected. Add this to your settings file

from corsheaders.defaults import default_headers
CORS_ALLOW_HEADERS = list(default_headers) + [
    'X-AUTHORIZATION-KEY',  # whatever your header name is add here(without prefixing HTTP)
]

And also as documented here - https://docs.djangoproject.com/en/2.1/ref/request-response/#django.http.HttpRequest.META

With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above, any HTTP headers in the request are converted to META keys by converting all characters to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. So, for example, a header called X-Bender would be mapped to the META key HTTP_X_BENDER.

Assuming your header name is 'X-AUTHORIZATION-KEY', you will send only 'X-AUTHORIZATION-KEY' from curl/postman request and in your django code check for request_meta.get('HTTP_X_AUTHORIZATION_KEY')