Add django-specific notes for PROXY_HEADER config (#609)

* Add django-specific notes for PROXY_HEADER config

* Update security.md
This commit is contained in:
p-b-- 2023-03-22 15:41:44 -04:00 committed by GitHub
parent d9795556c1
commit 77d4ba1920
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions

View File

@ -54,13 +54,16 @@ Each entry must contain both the scheme (http, https) and fully-qualified domain
Sets the header to read the authenticated username from when
`REVERSE_PROXY_AUTH` has been enabled.
Baby Buddy modifies headers in the HTTP request; HTTP headers in the request have all characters converted to uppercase, replacing any hyphens with underscores and adding an HTTP_ prefix to the name. For example `X-Auth-User` would be converted to `HTTP_X_AUTH_USER`.
**Example value**
// For header key X-Auth-User
HTTP_X_AUTH_USER
**See also**
- [Django's documentation on the `REMOTE_USER` authentication method](https://docs.djangoproject.com/en/4.1/howto/auth-remote-user/)
- [Django's documentation on the request.META object](https://docs.djangoproject.com/en/4.1/ref/request-response/#django.http.HttpRequest.META)
- [`REVERSE_PROXY_AUTH`](#reverse_proxy_auth)
## `REVERSE_PROXY_AUTH`