Changes between Version 1 and Version 2 of Ticket #9206, comment 16
- Timestamp:
- Jan 27, 2016, 5:04:16 AM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #9206, comment 16
v1 v2 2 2 > I misunderstood the statement in the Django documentation that I referenced in comment:10. I had hoped we could modify [browser:tags/trac-1.0.9/trac/web/standalone.py@:36,58#L36 AuthenticationMiddleware] to set the `REMOTE_USER` from an HTTP header, as in the [http://flask.pocoo.org/snippets/69/ flask example]. 3 3 4 That example is insecure, I think. If an HTTP header is used, the reverse proxy //must// remove the header from remote.4 That example is insecure, I think. If an HTTP header is set on the reverse proxy, the reverse proxy //must// remove the header from remote. 5 5 6 6 Apache 2.4: