#36443: Inconsistency when using custom authentication header
-------------------------+----------------------------------------
Reporter: trick77 | Type: Bug
Status: new | Component: contrib.auth
Version: 5.2 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------+----------------------------------------
process_request() and aprocess_request() don't handle the custom
authentication header the same way. The async function adds a HTTP_
prefix, the other does not do so. This breaks existing Django setups which
use a custom HTTP_* authentication header when migrating from pre-5.2.*
setups (translates to HTTP_HTTP_*).
See:
https://github.com/django/django/blame/cf1a80fc2d19f359744a20bb6cb1f0a169ef506b/django/contrib/auth/middleware.py#L146
vs
https://github.com/django/django/blame/main/django/contrib/auth/middleware.py#L203
--
Ticket URL: <https://code.djangoproject.com/ticket/36443>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019743d8ce49-4a41f7f3-9163-4018-bf1b-bab8f3e0f0fd-000000%40eu-central-1.amazonses.com.
