devashishbcsingh / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

Be able to pass a value to the authentication script #314

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Migrating from mod_python, I miss this a lot:

"""
PythonOption   "require"       "webdav_bt:jcea"
"""

I am passing to my script an option "require" with the value "webdav_bt:jcea".

Authentication scripts in mod_wsgi get a sanitized environment. I would like to 
inject values there, from the "httpd.conf" file. To avoid security issues, it 
could be inside a structure, like current "wsgi.errors" or "mod_ssl.var_lookup".

Original issue reported on code.google.com by j...@jcea.es on 17 Dec 2013 at 8:42

GoogleCodeExporter commented 8 years ago
I haven't tested it, but you may be able to use:

  Header set X-MyAuth-Require "webdav_bt:jcea"

This will require mod_headers and it will come through in the environ as:

  HTTP_X_MYAUTH_REQUIRE.

Usually mod_wsgi relies on SetEnv, but those variables aren't put into a place 
the mod_setenv that can get them until after authentication occurs. You may 
though be able to smuggle it through as a header.

Original comment by Graham.Dumpleton@gmail.com on 18 Dec 2013 at 12:56

GoogleCodeExporter commented 8 years ago
Would actually needed to have been:

Header set X-MyAuth-Require "webdav_bt:jcea" early

Not sure why not working though.

Any problem may be related to issues with mod_headers interaction described in:

https://github.com/GrahamDumpleton/mod_wsgi/issues/5

Going to close this issue here and create new issue for why not working on new 
issue tracker.

Original comment by Graham.Dumpleton@gmail.com on 31 Aug 2014 at 2:45