I am trying to determine why authentication for secure resources using the Authorization: header behaves correctly when using the local development server, but not in my deployed apache 2.2 w / mod_wsgi implementation.
I am using django 1.8 with django-rest-framework and django-rest-framework-jwt lib for JWT based authentication. Apache server - version 2.2 with mod_wsgi. All this works on an ubuntu 12.04 instance (python 2.7).
The working case with the manage.py management server on localhost:
# manage.py runserver is running curl -s -X POST \ -d '{"username":" test@test.com ", "password":}' \ http://localhost:8000/portfolio/login # Response as expected: ##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."} # Using above token as $TOKEN_STR with JWT prefix for Auth header: curl -X GET -H "Content-Type: application/json" \ -H "Authorization: $TOKEN_STR" \ http://localhost:8000/portfolio # Response as expected ##> {"data":"[...]"}
Broken case with apache2.2 mod_wsgi:
curl -s -X POST \ -d '{"username":" test@test.com ", "password":}' \ http://myremote.com/django/portfolio/login # Response as expected: ##> {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp..."} # Using above token as $TOKEN_STR with JWT prefix for Auth header: curl -X GET -H "Content-Type: application/json" \ -H "Authorization: $TOKEN_STR" \ http://myremote.com/django/portfolio # Response behaves as authentication not even there w/403 or 401: ##> {"detail": "Authentication credentials were not provided."}
Apache site configuration
#### DJANGO APP #### LogLevel info WSGIDaemonProcess dev processes=2 threads=15 WSGIProcessGroup dev WSGIScriptAlias /django /webapps/django/config/wsgi.py <Directory /webapps/django> Order allow,deny Allow from all </Directory> ### DJANGO APP ####
Perhaps appropriate configurations
config.py
#
cerd
source share