mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-27 03:54:01 +03:00
Update docs/api-guide/authentication.md
refined mod_wsgi
This commit is contained in:
parent
55cc745254
commit
f19d4ea8b1
|
@ -62,14 +62,14 @@ Or, if you're using the `@api_view` decorator with function based views.
|
||||||
|
|
||||||
## Apache mod_wsgi Specific Configuration
|
## Apache mod_wsgi Specific Configuration
|
||||||
|
|
||||||
Unlike other HTTP headers, the authorisation header is not passed through to a WSGI application by default. This is the case as doing so could leak information about passwords through to a WSGI application which should not be able to see them when Apache is performing authentication...
|
Unlike other HTTP headers, the authorisation header is not passed through to a WSGI application by default. This is the case as doing so could leak information about passwords through to a WSGI application which should not be able to see them when Apache is performing authentication.
|
||||||
|
|
||||||
If it is desired that the WSGI application be responsible for handling user authentication, then it is necessary to explicitly configure mod_wsgi to pass the required headers through to the application. This can be done by specifying the WSGIPassAuthorization directive in the appropriate context and setting it to 'On'.
|
If it is desired that the WSGI application be responsible for handling user authentication, then it is necessary to explicitly configure mod_wsgi to pass the required headers through to the application. This can be done by specifying the WSGIPassAuthorization directive in the appropriate context and setting it to 'On'.
|
||||||
|
|
||||||
# this can go in either server config, virtual host, directory or .htaccess
|
# this can go in either server config, virtual host, directory or .htaccess
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
|
||||||
[cite]: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
|
[Reference to official mod_wsgi documentation][mod_wsgi_official]
|
||||||
|
|
||||||
# API Reference
|
# API Reference
|
||||||
|
|
||||||
|
@ -157,3 +157,4 @@ To implement a custom authentication policy, subclass `BaseAuthentication` and o
|
||||||
[permission]: permissions.md
|
[permission]: permissions.md
|
||||||
[throttling]: throttling.md
|
[throttling]: throttling.md
|
||||||
[csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
|
[csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
|
||||||
|
[mod_wsgi_official]: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
|
||||||
|
|
Loading…
Reference in New Issue
Block a user