From mboxrd@z Thu Jan  1 00:00:00 1970
From: valentin.haenel at gmx.de (Valentin Haenel)
Date: Mon, 29 Oct 2012 10:49:56 +0100
Subject: [PATCH 1/3] Add config option user-envvar
In-Reply-To: <CAHmME9qv4FOjKS-ZHn-i7xuY=GXCfSYi8s0OhKte=VeXv=OVcQ@mail.gmail.com>
References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de>
 <1350378927-10834-2-git-send-email-valentin.haenel@gmx.de>
 <CAHmME9qv4FOjKS-ZHn-i7xuY=GXCfSYi8s0OhKte=VeXv=OVcQ@mail.gmail.com>
Message-ID: <20121029094956.GE17370@kudu.in-berlin.de>

* Jason A. Donenfeld <Jason at zx2c4.com> [2012-10-28]:
> On Tue, Oct 16, 2012 at 3:15 AM, Valentin Haenel <valentin.haenel at gmx.de> wrote:
> >
> > When cgit sits on a backend server and relies on a set of
> > front-ends to do authentication, it will read the username
> > from an environment variable defined by this option.
> >
> > In this way, one can safely use any forwarded HTTP header
> > and not only the expected REMOTE_USER variable set by the
> > CGI standard.
> 
> 
> Why is this necessary at all? Won't helper programs be given the full
> environment of the parent program (cgit<--cgi server), and so it can
> be up to the helper script to determine the username by getting the
> env var itself? The book keeping inside cgit in this patch seems
> wasteful.

The only reason to fetch the remote_user would be to echo back an
appropriate error message.

V-