Changes between Initial Version and Version 1 of Ticket #9206, comment 16
- Timestamp:
- Jan 27, 2016, 5:03:44 AM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #9206, comment 16
initial v1 2 2 > I misunderstood the statement in the Django documentation that I referenced in comment:10. I had hoped we could modify [browser:tags/trac-1.0.9/trac/web/standalone.py@:36,58#L36 AuthenticationMiddleware] to set the `REMOTE_USER` from an HTTP header, as in the [http://flask.pocoo.org/snippets/69/ flask example]. 3 3 4 That example is insecure, I think. If an HTTP header is set, the reverse proxy //must// remove the header from remote.4 That example is insecure, I think. If an HTTP header is used, the reverse proxy //must// remove the header from remote. 5 5 6 6 Apache 2.4: