Authorization header field absent in request.headers() and request.META when using Apache, Preflight CORS error in browser when using custom header
I have my Rest Framework APIs up and running on an AWS EC2 instance. I have set up Apache and added an SSL certificate. I'm using my own custom token authentication.
Passing Authorization as header - On doing a POST request from both Postman and React, the header is not received in request.headers("Authorization") and request.META["HTTP_AUTHORIZATION"].
Passing Authorization2 or x-api-key as header -
Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.
I have already tried including the Access-control-origin header in React and setting up django-cors-headers at the backend. But it doesn't help.
exposing runserver at 0.0.0.0:8000 instead of apache https url -
Here's my 000-default.conf in both sites-enabled and sites-available:
<VirtualHost *:80>
    ServerName www.myapi.live
    ServerAdmin webmaster@localhost
    DocumentRoot /home/ubuntu/django/project
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Alias /static /home/ubuntu/django/project/static
    <Directory /home/ubuntu/django/project/static>
        Require all granted
    </Directory>
    <Directory /home/ubuntu/django/project/project>
        <Files wsgi.py>
            Require all granted
        </Files>
    </Directory>
    WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
    WSGIProcessGroup project
    WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
    WSGIPassAuthorization On
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.myapi.live
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
So I added WSGIPassAuthorization On to my apache.conf file, which resides in the parent directory just outside of sites-enabled. Doing these changes made it work like a charm and apache no longer strips the Authorization header.
Just in case this can be of help to someone else in future! Thanks!
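As an added example (not code from the original post), this standard-library WSGI app can stand in for wsgi.py temporarily to check both symptoms described above: whether Apache/mod_wsgi forwards Authorization into the WSGI environ, and which request headers a CORS preflight is granted. The allowed origin and header names are assumptions taken from the question's error message.

```python
# Added diagnostic example (not from the original post); standard library only.
import json

# Assumptions: the dev origin and header names quoted in the question.
ALLOWED_ORIGINS = {"http://localhost:3000"}
ALLOWED_HEADERS = {"authorization", "content-type", "x-api-key"}


def preflight_headers(environ):
    """Build the CORS response headers for an OPTIONS preflight."""
    origin = environ.get("HTTP_ORIGIN", "")
    if origin not in ALLOWED_ORIGINS:
        return []  # no CORS headers at all: the browser blocks the request
    raw = environ.get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS", "")
    requested = {h.strip().lower() for h in raw.split(",") if h.strip()}
    # The browser blocks the real request if any header it asked for
    # is missing from Access-Control-Allow-Headers.
    granted = sorted(requested & ALLOWED_HEADERS)
    return [
        ("Access-Control-Allow-Origin", origin),
        ("Access-Control-Allow-Methods", "GET, POST, OPTIONS"),
        ("Access-Control-Allow-Headers", ", ".join(granted)),
        ("Vary", "Origin"),
    ]


def auth_report(environ):
    """Report whether Authorization reached the app, never echoing the token."""
    value = environ.get("HTTP_AUTHORIZATION")
    if value is None:
        return {"authorization_present": False, "scheme": None}
    scheme, sep, _ = value.partition(" ")
    # A bare value with no scheme could be the credential itself: do not return it.
    return {"authorization_present": True, "scheme": scheme if sep else None}


def application(environ, start_response):
    """WSGI entry point; mod_wsgi looks for a callable named 'application'."""
    if environ.get("REQUEST_METHOD") == "OPTIONS":
        start_response("204 No Content", preflight_headers(environ))
        return [b""]
    body = json.dumps(auth_report(environ)).encode()
    headers = [("Content-Type", "application/json"),
               ("Content-Length", str(len(body)))]
    origin = environ.get("HTTP_ORIGIN", "")
    if origin in ALLOWED_ORIGINS:
        headers += [("Access-Control-Allow-Origin", origin), ("Vary", "Origin")]
    start_response("200 OK", headers)
    return [body]
```

If a POST carrying the header returns "authorization_present": false, the header is being dropped before it reaches Django, which is the case WSGIPassAuthorization On addresses.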