mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-23 01:57:00 +03:00
Update docs/api-guide/authentication.md
Added mod_wsgi specific instructions
This commit is contained in:
parent
0f0a07b732
commit
55cc745254
|
@ -60,6 +60,17 @@ Or, if you're using the `@api_view` decorator with function based views.
|
||||||
}
|
}
|
||||||
return Response(content)
|
return Response(content)
|
||||||
|
|
||||||
|
## Apache mod_wsgi Specific Configuration
|
||||||
|
|
||||||
|
Unlike other HTTP headers, the authorisation header is not passed through to a WSGI application by default. This is the case as doing so could leak information about passwords through to a WSGI application which should not be able to see them when Apache is performing authentication...
|
||||||
|
|
||||||
|
If it is desired that the WSGI application be responsible for handling user authentication, then it is necessary to explicitly configure mod_wsgi to pass the required headers through to the application. This can be done by specifying the WSGIPassAuthorization directive in the appropriate context and setting it to 'On'.
|
||||||
|
|
||||||
|
# this can go in either server config, virtual host, directory or .htaccess
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
|
||||||
|
[cite]: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
|
||||||
|
|
||||||
# API Reference
|
# API Reference
|
||||||
|
|
||||||
## BasicAuthentication
|
## BasicAuthentication
|
||||||
|
|
Loading…
Reference in New Issue
Block a user