【发布时间】:2021-09-23 01:49:57
【问题描述】:
当 CopyLeaks 将完成的 webhook 发送到我的服务器时,我会发出如下send an export 请求(请注意,我指定的是“标头”)
{
"completionWebhook": "***REDACTED***/copyleaks/webhook/exported/56",
"crawledVersion": {
"endpoint": "***REDACTED***/copyleaks/webhook/crawled/56",
"headers": [
[
"Authorization",
"PRECI ***REDACTED***"
]
],
"verb": "POST"
},
"results": [
{
"endpoint": "***REDACTED***/copyleaks/webhook/result/56/2a1b402420",
"headers": [
[
"Authorization",
"PRECI ***REDACTED***"
]
],
"id": "2a1b402420",
"verb": "POST"
}
]
}
但是当 CopyLeaks 将结果提交到指定的 URL 时,我没有看到“授权”标头。 我的 Django 网站正在接收结果请求。这是 what Django shows 的标题:
{'UNIQUE_ID': 'YO5jaCH4wN9w5X3ozii3nQAAAAY', 'SSL_TLS_SNI': 'dev.earlychildhoodeducator.com', 'GATEWAY_INTERFACE': 'CGI/1.1', 'SERVER_PROTOCOL': 'HTTP/1.1', 'REQUEST_METHOD': 'POST', 'QUERY_STRING': '', 'REQUEST_URI': '/copyleaks/webhook/crawled/56', 'SCRIPT_NAME': '', 'PATH_INFO': '/copyleaks/webhook/crawled/56', 'PATH_TRANSLATED': '***REDACTED***/wsgi.py/copyleaks/webhook/crawled/56', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_KEEP_ALIVE': '600', 'HTTP_ACCEPT_ENCODING': 'gzip', 'CONTENT_LENGTH': '179', 'HTTP_HOST': 'dev.earlychildhoodeducator.com', 'SERVER_SIGNATURE': '', 'SERVER_SOFTWARE': 'Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/4.6.2 Python/3.6', 'SERVER_NAME': 'dev.earlychildhoodeducator.com', 'SERVER_ADDR': '10.68.195.10', 'SERVER_PORT': '443', 'REMOTE_ADDR': '35.239.30.65', 'DOCUMENT_ROOT': '/var/data/websites/dev.earlychildhoodeducator.com/static', 'REQUEST_SCHEME': 'https', 'CONTEXT_PREFIX': '', 'CONTEXT_DOCUMENT_ROOT': '/var/data/websites/dev.earlychildhoodeducator.com/static', 'SERVER_ADMIN': 'tech@earlychildhoodeducator.com', 'SCRIPT_FILENAME': '/var/data/websites/dev.earlychildhoodeducator.com/main/wsgi.py', 'REMOTE_PORT': '39827', 'mod_wsgi.script_name': '', 'mod_wsgi.path_info': '/copyleaks/webhook/crawled/56', 'mod_wsgi.process_group': 'pacrimdev', 'mod_wsgi.application_group': 'dev.earlychildhoodeducator.com|', 'mod_wsgi.callable_object': 'application', 'mod_wsgi.request_handler': 'wsgi-script', 'mod_wsgi.handler_script': '', 'mod_wsgi.script_reloading': '1', 'mod_wsgi.listener_host': '', 'mod_wsgi.listener_port': '443', 'mod_wsgi.enable_sendfile': '0', 'mod_wsgi.ignore_activity': '0', 'mod_wsgi.request_start': '1626235752847504', 'mod_wsgi.request_id': 'YO5jaCH4wN9w5X3ozii3nQAAAAY', 'mod_wsgi.queue_start': '1626235752847648', 'mod_wsgi.daemon_connects': '1', 'mod_wsgi.daemon_restarts': '0', 'mod_wsgi.daemon_start': '1626235752847734', 'mod_wsgi.script_start': '1626235752847820', 'wsgi.version': (1, 0), 'wsgi.multithread': True, 'wsgi.multiprocess': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'https', 'wsgi.errors': <_io.TextIOWrapper name='<wsgi.errors>' encoding='utf-8'>, 'wsgi.input': <mod_wsgi.Input object at 0x7f7e765b3dc0>, 'wsgi.input_terminated': True, 'wsgi.file_wrapper': <class 'mod_wsgi.FileWrapper'>, 'apache.version': (2, 4, 6), 'mod_wsgi.version': (4, 6, 2), 'mod_wsgi.total_requests': 4, 'mod_wsgi.thread_id': 3, 'mod_wsgi.thread_requests': 0}
我对 CopyLeaks 的导出请求有问题吗?或者 CopyLeaks 在使用沙箱时可能不会费心发送请求的 HTTP 标头?
【问题讨论】:
-
请求应具有指定的所有标头。使用沙盒模式不应更改附加的标头。我建议您使用requestbin.com 之类的服务进行独立测试,以确保您从 Copyleaks 服务器获得的确切信息。如果您发现
Authorization标头在那里 - 那么这是一个 Django 问题。如果没有,请告诉我。 -
感谢@No1Lives4Ever,不知何故 requestbin.com 似乎忽略了来自 copyleaks 的请求。但这让我想仔细检查服务器是否正在接收 HTTP 标头,并且看起来 Apache 在 HTTP 标头到达 Django 之前正在删除它们。我还没弄清楚为什么会这样,但这看起来不像是copyleaks的错。谢谢!
-
不,毕竟不是 Apache。这是一个 Django 问题:它删除了所有带有下划线的标题:code.djangoproject.com/ticket/25048 哎呀,希望他们记录下来......
标签: django copyleaks-api