[Web-SIG] Should system environment variables appear in a WSGI environ?

Phillip J. Eby pje at telecommunity.com
Wed Dec 21 20:40:12 CET 2005

At 02:17 PM 12/21/2005 -0500, Jim Fulton wrote:
>The PEP describes CGI and WSGI ("wsgi.") environment variables that must
>and should be included. It also describes a mechanism for the server to
>add server-specific environment variables.  It doesn't explicitly say
>that the server should not include other environment variables, such as
>process environment variables.  It does say that all additional variables
>it provides should be documented, which could be construed to mean that
>it shouldn't add additional variables. :)

The intent was to say that if you provide additional CGI-like variables 
(like HTTPS=on and SSL_PROTOCOL), you should document them.

>Would it be reasonable to say that a server should not include process
>environment variables?

No; the spec explicitly says the server can, and strongly implies they 
should as a way to allow configuration of applications that expect to use 
their environment as configuration.  See:


"""Servers and gateways should support this by allowing an application's 
deployer to specify name-value pairs to be placed in environ. In the 
simplest case, this support can consist merely of copying all operating 
system-supplied environment variables from os.environ into the environ."""

So, if you cleanse the process environment, you should provide an 
alternative way for application deployers to put name-value pairs into the 

More information about the Web-SIG mailing list