request.headers.get('Authorization') is empty in Flask production

Question

I have the following flask method that simple returns back the value of the Authorization header:

@app.route('/test', methods=['POST'])
def test():
   return jsonify({"data" : request.headers.get('Authorization') })

When I submit the following curl request to my API which has been deployed to a DO instance, the header comes back as null:

curl --data '' -H "Authorization: test" api.mysite.com/test

{
 "data": null
}

Yet when I submit the same request on my instance running locally it returns the header contents

{
  "data": "test"
}

Any ideas?

Apache needed some additional configuration denoted here: http://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame — user1686342, Aug 13 '16 at 16:04

score 1 · Answer 1 · answered Aug 13 '16 at 03:17

1

Have you tried using a proper Authorization header? Possibly the header is being filtered out by a web application firewall or proxy because it doesn't specify a scheme. For example:

curl --data '' -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" api.mysite.com/test

This sends a basic authorization header with the base64 encoded credentials username:password.

answered Aug 13 '16 at 03:17

mhawke

75,264
8
92
125

I gave that a shot but it still doesn't seem to work. I think it may need some additional apache configuration to work. I'll have to see... – user1686342 Aug 13 '16 at 15:59
1

Just found the answer here http://stackoverflow.com/questions/13387516/authorization-header-missing-in-django-rest-framework-is-apache-to-blame – user1686342 Aug 13 '16 at 16:03

request.headers.get('Authorization') is empty in Flask production

1 Answers1