#36200: Mention that RemoteUserMiddleware should be replaced when using custom
header middleware with RemoteUserBackend
-------------------------------------+-------------------------------------
Reporter: Joonas | Owner: Joonas Häkkinen
Häkkinen |
Type: | Status: assigned
Uncategorized |
Component: | Version: 5.1
Documentation | Keywords: REMOTE_USER,
Severity: Normal | authentication, middleware
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
REMOTE_USER authentication docs at
[https://docs.djangoproject.com/en/5.1/howto//auth-remote-user/] cover
using a custom middleware to read the username from HTTP headers. However,
it does not specify that the custom middleware should replace
`RemoteUserMiddleware` rather than be appended to `MIDDLEWARE`.
This is essentially a small omission and might be clear to experienced
Django users. However, at least for me, an experienced web developer but
totally new to Django, this was surprising and the resulting CSRF
validation failure made me suspect something completely different for two
full days. Thus I though that a small mention about ''replacing'' instead
of appending `RemoteUserMiddleware` with the custom one would be a
reasonable addition to the docs.
I will be opening a PR for this shortly unless you think this is not worth
including in the docs.
--
Ticket URL: <https://code.djangoproject.com/ticket/36200>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/010701951e0f1cd6-03936e6e-9446-49a1-999d-8b6c00392c29-000000%40eu-central-1.amazonses.com.
