Apache strips down “Authorization” header

Question

I\'m having a little issue with my Apache 2.2.15 Server. I\'m running a Django app on top of it with mod_wsgi. I activated WSGIPassAuthorization On, which made

Answer 1

Several modules will strip the Authorization header to try to enhance security by preventing scripts from seeing usernames, passwords, etc... unless the developer explicitly enables this. Many of these modules will allow this header if you simply add the following line to .htaccess: CGIPassAuth on (source: Apache docs and StackOverflow)