[PATCH 1/3] Add config option user-envvar
Jason A. Donenfeld
Jason at zx2c4.com
Sun Oct 28 02:11:59 CET 2012
On Tue, Oct 16, 2012 at 3:15 AM, Valentin Haenel <valentin.haenel at gmx.de> wrote:
>
> When cgit sits on a backend server and relies on a set of
> front-ends to do authentication, it will read the username
> from an environment variable defined by this option.
>
> In this way, one can safely use any forwarded HTTP header
> and not only the expected REMOTE_USER variable set by the
> CGI standard.
Why is this necessary at all? Won't helper programs be given the full
environment of the parent program (cgit<--cgi server), and so it can
be up to the helper script to determine the username by getting the
env var itself? The book keeping inside cgit in this patch seems
wasteful.
More information about the CGit
mailing list