我的Rest Framework API已经在AWS EC2实例上启动并运行。我已经设置了Apache并添加了SSL证书。我正在使用我自己的自定义令牌身份验证。
-
将授权作为标头传递-在从Postman和React执行post请求时,
request.headers("Authorization")和request.META["HTTP_AUTHORIZATION"]中未接收到标头。 -
将Authorization2或x-api-key作为标头传递-
- 邮差的作品
- 在React上,浏览器抛出错误
Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.
我已经尝试在React中包含访问控制源Header,并在后端设置django-cors Header。但这无济于事。
-
将Authorization作为标头传递,但在
0.0.0.0:8000而不是apache https url处公开运行服务器-
- 邮差作品
- 也在React中工作
这是我在sites-enabled和sites-available中的000-default.conf
<VirtualHost *:80>
ServerName www.myapi.live
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/django/project
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/django/project/static
<Directory /home/ubuntu/django/project/static>
Require all granted
</Directory>
<Directory /home/ubuntu/django/project/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
WSGIProcessGroup project
WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myapi.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
所以我将WSGIPassAuthorization On添加到我的apache.conf文件中,该文件位于sites-enabled之外的父目录中。做这些更改使它像一个符咒一样工作,apache不再剥离Authorization标头。
以防这对将来的其他人有帮助!谢谢