How to check contents of incoming HTTP header request

Question

I'm playing around with some APIs and I'm trying to figure this out.

I am making a basic HTTP authenticated request to my server via the API. As part of this request, the authenticated key is stored in the HTTP header as username.

So my question is, how do I get the contents of the incoming request such that I can perform a check against it?

What I am trying to do:

if incoming request has header == 'myheader':
    do some stuff
else:
    return ('not authorised')

For those interested, I am trying to get this to work.

UPDATE I am using Django

Which web framework are you using? They should all have an API to easily access HTTP header key-value pairs. — samplebias, Mar 24 '11 at 04:24
Try [the docs for Django's Httprequest](http://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest), specifically `HttpRequest.META`. That is a dictionary from which you can access the HTTP headers sent by the client. — samplebias, Mar 24 '11 at 04:43

score 6 · Accepted Answer · answered Mar 24 '11 at 05:16

http://docs.djangoproject.com/en/dev/ref/request-response/

HttpRequest.META

A standard Python dictionary containing all available HTTP headers. 
Available headers depend on the client and server, but here are some examples:

        CONTENT_LENGTH
        CONTENT_TYPE
        HTTP_ACCEPT_ENCODING
        HTTP_ACCEPT_LANGUAGE
        HTTP_HOST -- The HTTP Host header sent by the client.
        HTTP_REFERER -- The referring page, if any.
        HTTP_USER_AGENT -- The client's user-agent string.
        QUERY_STRING -- The query string, as a single (unparsed) string.
        REMOTE_ADDR -- The IP address of the client.
        REMOTE_HOST -- The hostname of the client.
        REMOTE_USER -- The user authenticated by the Web server, if any.
        REQUEST_METHOD -- A string such as "GET" or "POST".
        SERVER_NAME -- The hostname of the server.
        SERVER_PORT -- The port of the server.

With the exception of CONTENT_LENGTH and CONTENT_TYPE, as given above, any HTTP headers in the request are converted to META keys by converting all characters to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. So, for example, a header called X-Bender would be mapped to the META key HTTP_X_BENDER.

So:

if request.META['HTTP_USERNAME']:
    blah
else:
    blah

score 2 · Answer 2 · answered Mar 24 '11 at 04:48

2

The headers are stored in os.environ. So you can access the HTTP headers like this:

import os
if os.environ.haskey("SOME_HEADER"):
  # do something with the header, i.e. os.environ["SOME_HEADER"]

answered Mar 24 '11 at 04:48

William Niu

15,798
7
53
93

So I don't necessarily have to do this through Django? Is there any pro/con to either method? – super9 Mar 24 '11 at 04:58
It really depends on the application, i.e. what you are trying to do. The advantage of doing this server side is security; you can usually hide details from the user, as JavaScript is pretty much transparent to end users. – William Niu Mar 24 '11 at 05:12

How to check contents of incoming HTTP header request

2 Answers2

Linked