Re: [Django] #37025: Deprecate the prefixing of HTTP_ to header names in RemoteUserMiddleware.aprocess_request()

Thu, 09 Apr 2026 06:48:20 -0700 

#37025: Deprecate the prefixing of HTTP_ to header names in
RemoteUserMiddleware.aprocess_request()
------------------------------+---------------------------------------
     Reporter:  Jacob Walls   |                    Owner:  Jacob Walls
         Type:  Bug           |                   Status:  assigned
    Component:  contrib.auth  |                  Version:  5.2
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Unreviewed
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+---------------------------------------
Comment (by Sarah Boyce):

 I think perhaps the docs example may need an update to show that the async
 case of setting `header` does not need the `HTTP_` prefix
 {{{
 If your authentication mechanism uses a custom HTTP header and not
 ``REMOTE_USER``, you can subclass ``RemoteUserMiddleware`` and set the
 ``header`` attribute to the desired ``request.META`` key. For example:

 .. code-block:: python
    :caption: ``mysite/middleware.py``

     from django.contrib.auth.middleware import RemoteUserMiddleware


     class CustomHeaderRemoteUserMiddleware(RemoteUserMiddleware):
         header = "HTTP_AUTHUSER"
 }}}

 I haven't confirmed this but I wonder if this might be the breaking change
 in our implementation, perhaps custom headers set like this used to work
 when `RemoteUserMiddleware` was using the `MiddlewareMixin` on ASGI but
 now do not, yet the default implementation probably didn't work to begin
 with. So _possibly_ a bug in the #31224 implementation, partially fixed by
 #35303 and broke something else.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/37025#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/0107019d72801312-73ab4445-40a6-4c2f-a9a9-843b95153e28-000000%40eu-central-1.amazonses.com.

Reply via email to