[Web-SIG] Should system environment variables appear in a WSGI environ?

Phillip J. Eby pje at telecommunity.com
Wed Dec 21 20:40:12 CET 2005


At 02:17 PM 12/21/2005 -0500, Jim Fulton wrote:
>The PEP describes CGI and WSGI ("wsgi.") environment variables that must
>and should be included. It also describes a mechanism for the server to
>add server-specific environment variables.  It doesn't explicitly say
>that the server should not include other environment variables, such as
>process environment variables.  It does say that all additional variables
>it provides should be documented, which could be construed to mean that
>it shouldn't add additional variables. :)

The intent was to say that if you provide additional CGI-like variables 
(like HTTPS=on and SSL_PROTOCOL), you should document them.


>Would it be reasonable to say that a server should not include process
>environment variables?

No; the spec explicitly says the server can, and strongly implies they 
should as a way to allow configuration of applications that expect to use 
their environment as configuration.  See:

http://www.python.org/peps/pep-0333.html#application-configuration

"""Servers and gateways should support this by allowing an application's 
deployer to specify name-value pairs to be placed in environ. In the 
simplest case, this support can consist merely of copying all operating 
system-supplied environment variables from os.environ into the environ."""

So, if you cleanse the process environment, you should provide an 
alternative way for application deployers to put name-value pairs into the 
environ.
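
One way a gateway could do what the last paragraph describes, shown as an added example that is not part of the original message or of PEP 333: instead of copying all of os.environ, it starts from an allow-list plus deployer-supplied name-value pairs, so process-level secrets stay out of the per-request environ. It relies on wsgiref.handlers.SimpleHandler and its os_environ attribute; build_base_environ, serve_once, MYAPP_CONFIG and the sample values are assumptions made for illustration.

```python
import io
from wsgiref.handlers import SimpleHandler

# Names the gateway derives from the request; a deployer must not override them.
RESERVED = {"REQUEST_METHOD", "SCRIPT_NAME", "PATH_INFO", "QUERY_STRING",
            "CONTENT_TYPE", "CONTENT_LENGTH", "SERVER_NAME", "SERVER_PORT",
            "SERVER_PROTOCOL"}

def build_base_environ(process_env, deployer_pairs, passthrough=()):
    """Cleansed replacement for 'copy all of os.environ into environ'."""
    base = {k: process_env[k] for k in passthrough if k in process_env}
    for name, value in deployer_pairs.items():
        if name in RESERVED or name.startswith(("HTTP_", "wsgi.")):
            raise ValueError(f"deployer may not set request variable {name!r}")
        base[name] = str(value)
    return base

def serve_once(app, request_vars, base_environ):
    """Run one request through wsgiref; return (environ the app saw, response)."""
    seen = {}
    def recording_app(environ, start_response):
        seen.update(environ)
        return app(environ, start_response)
    out = io.BytesIO()
    handler = SimpleHandler(io.BytesIO(), out, io.StringIO(), request_vars)
    handler.os_environ = base_environ  # instead of wsgiref's os.environ snapshot
    handler.run(recording_app)
    return seen, out.getvalue()

def config_app(environ, start_response):
    # Hypothetical application that reads its configuration from environ.
    body = environ.get("MYAPP_CONFIG", "unconfigured").encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

def demo():
    # Constructed sample data: a process environment that holds a secret.
    process_env = {"PATH": "/usr/bin", "TZ": "UTC",
                   "DB_PASSWORD": "constructed-secret"}
    base = build_base_environ(process_env,
                              deployer_pairs={"MYAPP_CONFIG": "/etc/myapp.ini"},
                              passthrough=("TZ",))
    request = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "SCRIPT_NAME": "",
               "SERVER_NAME": "localhost", "SERVER_PORT": "80",
               "SERVER_PROTOCOL": "HTTP/1.1"}
    return serve_once(config_app, request, base)

if __name__ == "__main__":
    print(demo()[1].decode("iso-8859-1"))
```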


