From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason at zx2c4.com (Jason A. Donenfeld)
Date: Sat, 27 Oct 2012 19:11:59 -0600
Subject: [PATCH 1/3] Add config option user-envvar
In-Reply-To: <1350378927-10834-2-git-send-email-valentin.haenel@gmx.de>
References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de>
 <1350378927-10834-2-git-send-email-valentin.haenel@gmx.de>
Message-ID: <CAHmME9qv4FOjKS-ZHn-i7xuY=GXCfSYi8s0OhKte=VeXv=OVcQ@mail.gmail.com>

On Tue, Oct 16, 2012 at 3:15 AM, Valentin Haenel <valentin.haenel at gmx.de> wrote:
>
> When cgit sits on a backend server and relies on a set of
> front-ends to do authentication, it will read the username
> from an environment variable defined by this option.
>
> In this way, one can safely use any forwarded HTTP header
> and not only the expected REMOTE_USER variable set by the
> CGI standard.


Why is this necessary at all? Won't helper programs be given the full
environment of the parent program (cgit<--cgi server), and so it can
be up to the helper script to determine the username by getting the
env var itself? The book keeping inside cgit in this patch seems
wasteful.