New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support parsing HTTP_AUTHORIZATION header in case of mod_wsgi deployment #77

frankdu opened this Issue Jul 10, 2011 · 0 comments


None yet
2 participants

frankdu commented Jul 10, 2011

Class method Request.from_request() checks 'Authorization' HTTP header for OAuth parameters. However, if you deploy web app with mod_wsgi, 2 important things happen:

  1. By default, Authorization header is dropped, and you need to use 'WSGIPassAuthorization On' to pass it to your web app codes, for example python/django codes.
  2. Authorization header is renamed to HTTP_AUTHORIZATION on passing mod_wsgi.

Therefore, to support this case on the server side, the class method Request.from_request() needs to look at HTTP_AUTHORIZATION header as well. It important for implementing OAuth provider services.

The fix is at Please check if it good for moving its ass to the master branch.

For more information, please refer to the links below. If anything supplemental is needed, please let me know.

Best Regards,


  1. Branch
  2. Explanation Article
  3. mod_wsgi: Access Control Mechanisms
  4. WSGIPassAuthorization Directive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment