使用 Apache 时 request.headers() 和 request.META 中缺少授权头字段,使用自定义头时浏览器中的 Preflight CORS 错误
[英]Authorization header field absent in request.headers() and request.META when using Apache, Preflight CORS error in browser when using custom header
问题描述
I have my Rest Framework API's up and running on an AWS EC2 instance.
我在 AWS EC2 实例上启动并运行了我的 Rest Framework API。 I have set up Apache and added SSL certificate.我已经设置了 Apache 并添加了 SSL 证书。 I'm using my own custom token authentication.我正在使用我自己的自定义令牌身份验证。
Passing Authorization as header - On doing post request from both Postman and React , the header is not received in
request.headers("Authorization")andrequest.META["HTTP_AUTHORIZATION"].将授权作为标头传递- 在从Postman 和 React执行发布请求时,在request.headers("Authorization")和request.META["HTTP_AUTHORIZATION"]未收到标头。Passing Authorization2 or x-api-key as header -
传递 Authorization2 或 x-api-key 作为标头-
- Works fine from Postman邮递员工作正常
- On React, browser throws error
Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.在 React 上,浏览器抛出错误Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.
I have already tried including Access-control-origin Header in React and setting django-cors-headers at backend.我已经尝试在 React 中包含 Access-control-origin Header 并在后端设置 django-cors-headers。 But it doesn't help.但它没有帮助。
- Passing Authorization as header but exposing runserver at
0.0.0.0:8000instead of apache https url-将授权作为标头传递但在0.0.0.0:8000处公开 runserver而不是 apache https url-
- Works in Postman在邮递员工作
- Works in React too也适用于 React
Here's my 000-default.conf in both sites-enabled and sites-available这是我在sites-enabled sites-available sites-enabled 000-default.conf
<VirtualHost *:80>
ServerName www.myapi.live
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/django/project
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/django/project/static
<Directory /home/ubuntu/django/project/static>
Require all granted
</Directory>
<Directory /home/ubuntu/django/project/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
WSGIProcessGroup project
WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myapi.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
1 个解决方案
解决方案1
1 2020-11-25 10:02:51
So I added WSGIPassAuthorization On to my apache.conf file which resides in the parent directory just outside of sites-enabled .因此,我将WSGIPassAuthorization On添加到我的apache.conf文件中,该文件位于sites-enabled之外的父目录中。 Doing these changes made it work like a charm and apache no longer strips the Authorization header.进行这些更改使它像魅力一样工作,并且 apache 不再剥离Authorization标头。
Just in case this can be of help to someone else in future!以防万一这可以在将来对其他人有所帮助! Thanks!谢谢!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.