Opened 12 years ago
Closed 12 years ago
#69 closed defect (wontfix)
remote_user not being passed through to uwsgi from uwsgi_params
| Reported by: | www.google.com/accounts/o8/id?id=AItOawlhQox4SfAgML9UE13hvpFe6SbFvxiINME | Owned by: | somebody |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.1.x |
| Keywords: | uwsgi auth remote_user | Cc: | |
| uname -a: | Linux xxxx.anchor.net.au 3.1.0-1-amd64 #1 SMP Tue Nov 29 13:47:12 UTC 2011 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.1.11
built by gcc 4.6.2 (Debian 4.6.2-5) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.1.11/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.1.11/debian/modules/nginx-upstream-fair |
||
Description
Hi,
nginx/trunk/conf/uwsgi_params is missing a line to pass through the $remote_user variable through to UWSGI. This breaks uwsgi hosted applications that need to know who was logged in when auth is enforced.
Could you please add the following line to nginx/trunk/conf/uwsgi_params?
uwsgi_param REMOTE_USER $remote_user;
Thanks!
David
Note:
See TracTickets
for help on using tickets.
I believe RFC 3875 (aka CGI) implies that REMOTE_USER have to be set only if request was indeed subject to authentication checks (and at least Apache does this).
Just passing $remote_user in all cases is wrong, as it's set regardless of the authentication fact and may mislead applications to think the user is indeed authenticated. Instead, set the parameter in question in the location where you use authentication. E.g.:
location /app/ { auth_basic "auth realm" auth_basic_user_file /path/to/file; uwsgi_pass ... include uwsgi_param; uwsgi_param REMOTE_USER $remote_user; uwsgi_param AUTH_TYPE Basic; }