Python Flask mod-wsgi Custom Headers not in Request

Question

I've a simple Python Flask application, which is being served by Apache via mod_wsgi.

The part of my application which works perfectly on my localhost, but does not work through mod_wsgi is the accessing of custom request headers.

When I request a certain web page, I pass it a header called auth_user. On my localhost, I am able to access this header as: request.headers["auth_user"], which works great. However when served through Apache and mod_wsgi, this custom header does not exist! Printing all request.headers shows that the standard Content-Type, Cache-Control headers are sent, but not the auth_user header which i've been sending to my localhost with no problem.

Tcpdump shows that the server is receiving the header, but it is not available in my request.headers.

Does anyone have any idea why this header is not being made available within the app?

Answer 1

Well this one took me many hours...

Turns out that only alphanumeric characters or '-' are allowed.

Any headers not conforming these will be ignored.

http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.3.0.html <- Bug fixes, point 2.

Answer 2

The solution is to set the claim prefix to something without _ like

OIDCClaimPrefix OIDC-CLAIM-

Answer 3

Ensure your Apache configuration has the WSGIPassAuthorization directive set to 'On' so your headers get past Apache + WSGI and to your Flask app.