Check the headers attribute on requests

The oauth2_provider package stores a (custom) set of headers on the headers attribute instead of the default META attribute. Let's use it to look up our expected keys.
2026-05-21 13:51:53 +00:00 · 2020-12-23 10:26:15 -08:00 · 2020-12-23 10:26:15 -08:00 · 9ae2cdb168
commit 9ae2cdb168
parent ef5b645da2
2 changed files with 7 additions and 1 deletions
--- a/axes/signals.py
+++ b/axes/signals.py
@ -27,7 +27,11 @@ log = logging.getLogger(settings.AXES_LOGGER)
 user_locked_out = Signal(providing_args=['request', 'username', 'ip_address'])

 def request_meta_get(request, key, default_value=None):
-    return getattr(request, 'META', {}).get(key, default_value)
+    meta = getattr(request, 'META', {})
+    if not meta:
+        # oauth2_provider package stores META in headers
+        meta = getattr(request, 'headers', {})
+    return meta.get(key, default_value)


@receiver(user_login_failed)
--- a/axes/utils.py
+++ b/axes/utils.py
@ -53,6 +53,8 @@ def get_ip(request):
    """Parse IP address from REMOTE_ADDR or
    AXES_REVERSE_PROXY_HEADER if AXES_BEHIND_REVERSE_PROXY is set."""
    request_meta = getattr(request, "META", {})
+    if not request_meta:
+        request_meta = getattr(request, "headers", {})
    if settings.AXES_BEHIND_REVERSE_PROXY:
        # For requests originating from behind a reverse proxy,
        # resolve the IP address from the given AXES_REVERSE_PROXY_HEADER.