FCGI and HTTP Authentication

Werkzeug provides a convenient mixin class to access the HTTP Authorization header, which makes it relatively easy to implement HTTP Authentication inside your WSGI application. However, you will experience a strange error, if you're moving your application from the internal Werkzeug development server to production using Apache mod_fcgi and flup as WSGI gateway: Authentication just doesn't work anymore, because the Authorization header is suddenly missing.

The reason of this mysterious problem is very simple (like it is for the most errors causing massive headache): Werkzeug keeps to the WSGI specification and reads the header out of the HTTP_AUTHORIZATION key in the WSGI environment dictionary. flup however passes the header inside the Authorization key. The following middleware fixes this by replacing the Authorization key with the correct one:

class FixFCGIAuthHeaderMiddleware(object):
    """Using flup as gateway to mod_fcgi passes the HTTP Authorization
    header inside the ``Authorization`` key.  This does not comply to WSGI
    specification, which defines the ``HTTP_AUTHORIZATION`` key.  Therefore
    Werkzeug's wrapper classes fail to read the HTTP Authorization header.
    This middleware provides a fix by replacing the ``Authorization`` key
    with the correct one.
    """
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if 'Authorization' in environ:
            environ['HTTP_AUTHORIZATION'] = environ.pop('Authorization')
        return self.app(environ, start_response)