Opened 5 months ago
Closed 5 months ago
#36443 closed Bug (duplicate)
Inconsistency when using custom authentication header
| Reported by: | trick77 | Owned by: | |
|---|---|---|---|
| Component: | contrib.auth | Version: | 5.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
process_request() and aprocess_request() don't handle the custom authentication header the same way. The async function adds a HTTP_ prefix, the other does not do so. This breaks existing Django setups which use a custom HTTP_* authentication header when migrating from pre-5.2.* setups (translates to HTTP_HTTP_*).
See:
https://github.com/django/django/blame/cf1a80fc2d19f359744a20bb6cb1f0a169ef506b/django/contrib/auth/middleware.py#L146
vs
https://github.com/django/django/blame/main/django/contrib/auth/middleware.py#L203
Note:
See TracTickets
for help on using tickets.
Duplicate of #36300