Changes between Version 2 and Version 3 of Ticket #9206, comment 10
- Timestamp:
- Jan 25, 2016, 10:50:19 AM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #9206, comment 10
v2 v3 1 1 It seems like the configuration option is unnecessary when the authenticator is packaged as a single-file plugins since the behavior can be controlled by enabling/disabling the plugin. 2 2 3 The security risk seems relatively low provided there are no caveats to the statement documented on the Django site:3 The security risk seems relatively low provided there are no caveats to the statement documented on the [https://docs.djangoproject.com/en/1.9/howto/auth-remote-user Django site]: 4 4 5 5 > This warning doesn’t apply to !RemoteUserMiddleware in its default configuration with header = 'REMOTE_USER', since a key that doesn’t start with HTTP_ in request.META can only be set by your WSGI server, not directly from an HTTP request header.