[issue10751] WSGIREF - REMOTE_USER and REMOTE-USER collision

Changes by R. David Murray : -- nosy: +pje ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.o

[issue10751] WSGIREF - REMOTE_USER and REMOTE-USER collision

New submission from Alex Raitz : Clients can overwrite 'REMOTE_USER' header variable value with an arbitrary 'Remote-User' value by specifying the later after the former. This has tricky implications when a proxy server is being used, namely that if the proxy passes a re-written REMOTE_USER bu