[Web-SIG] Logging the authenticated user (was Re: Bowing out)

Clark C. Evans cce at clarkevans.com
Wed Feb 8 16:47:26 CET 2006

On Tue, Feb 07, 2006 at 09:20:38PM -0500, Phillip J. Eby wrote:
| At 08:22 PM 2/7/2006 -0500, Clark C. Evans wrote:
| >I absolutely love wsgi.response_filtering, only I feel that it should be
| >a *mutable* listing of the headers that the server should strip.  If
| >the list is not present, then response filtering is not available. In
| >particular, I think that requiring 'X-Internal-' is not quite explicit
| >enough and, at the same time, too limiting.
| I don't understand what you want to do with this.  Can you be more 
| specific about what's limiting and how, not to mention what you expect 
| to do with this mutable list?  Thanks.

I think it is unnecessarily limiting since you might want the server to
filter (not send to the client) other headers, such as something like
the Meter header defined in RFC 2227.  This seems like a generally
useful feature; I don't see the need to restrict it to only headers
starting with 'X-Internal-'. 

At the same time, explicitly listing the headers you wish to filter
isn't that much of a burden -- and actually helps document (paste.lint
could, for example, issue warnings of all 'X-Internal-' headers that
aren't listed for filtering; this could be used to catch spelling errors).

Kind Regards,
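
The proposal in the message above, sketched as an added example that is not part of the original post or of any WSGI specification: a server-side shim offers a mutable list under 'wsgi.response_filtering', strips whatever the application lists, and a lint check reports 'X-Internal-' headers that were sent but never listed. The key's semantics, the helper names and the sample header values are assumptions made for illustration.

```python
FILTER_KEY = "wsgi.response_filtering"  # key proposed in the thread; semantics assumed

def filtering_server_shim(app):
    """Server side: offer a mutable strip-list, then drop the headers named in it."""
    def wrapped(environ, start_response):
        strip = environ[FILTER_KEY] = []  # presence of the list signals support
        def filtered_start(status, headers, exc_info=None):
            drop = {name.lower() for name in strip}  # header names are case-insensitive
            kept = [(k, v) for k, v in headers if k.lower() not in drop]
            return start_response(status, kept, exc_info)
        return app(environ, filtered_start)
    return wrapped

def unlisted_internal_headers(headers, strip):
    """Lint check: 'X-Internal-' headers the app sends but never listed for filtering."""
    listed = {name.lower() for name in strip}
    return [k for k, _ in headers
            if k.lower().startswith("x-internal-") and k.lower() not in listed]

def make_app(listed):
    """Constructed sample app that asks the server to strip the names in `listed`."""
    def app(environ, start_response):
        strip = environ.get(FILTER_KEY)
        if strip is not None:  # list absent means filtering is not available
            strip.extend(listed)
        start_response("200 OK", [
            ("Content-Type", "text/plain"),
            ("X-Internal-User", "alice"),  # constructed value, meant for server logs only
            ("Meter", "count=1/0"),        # RFC 2227 header; constructed value
        ])
        return [b"ok"]
    return app

def run(app):
    """Drive `app` through lint and shim; return (headers sent to client, lint findings)."""
    sent, findings = [], []
    def linted(environ, start_response):
        def checked_start(status, headers, exc_info=None):
            findings.extend(unlisted_internal_headers(headers, environ[FILTER_KEY]))
            return start_response(status, headers, exc_info)
        return app(environ, checked_start)
    def client_start(status, headers, exc_info=None):
        sent.extend(headers)
    b"".join(filtering_server_shim(linted)({"REQUEST_METHOD": "GET"}, client_start))
    return sent, findings

if __name__ == "__main__":
    print(run(make_app(["X-Internal-User", "Meter"])))   # both headers stripped
    print(run(make_app(["X-Internal-Usr", "Meter"])))    # misspelling: lint flags the leak
```

With an explicit list, a misspelt entry means the real header still reaches the client, which is the case the lint check is there to catch.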

