[PATCH 1/3] Add config option user-envvar

Valentin Haenel valentin.haenel at gmx.de
Mon Oct 29 10:49:56 CET 2012


* Jason A. Donenfeld <Jason at zx2c4.com> [2012-10-28]:
> On Tue, Oct 16, 2012 at 3:15 AM, Valentin Haenel <valentin.haenel at gmx.de> wrote:
> >
> > When cgit sits on a backend server and relies on a set of
> > front-ends to do authentication, it will read the username
> > from an environment variable defined by this option.
> >
> > In this way, one can safely use any forwarded HTTP header
> > and not only the expected REMOTE_USER variable set by the
> > CGI standard.
> 
> 
> Why is this necessary at all? Won't helper programs be given the full
> environment of the parent program (cgit<--cgi server), and so it can
> be up to the helper script to determine the username by getting the
> env var itself? The book keeping inside cgit in this patch seems
> wasteful.

The only reason to fetch the remote_user would be to echo back an
appropriate error message.

V-




More information about the CGit mailing list