[Web-SIG] Logging the authenticated user (was Re: Bowing out)

Phillip J. Eby pje at telecommunity.com
Wed Feb 8 18:38:22 CET 2006

At 10:47 AM 2/8/2006 -0500, Clark C. Evans wrote:
>On Tue, Feb 07, 2006 at 09:20:38PM -0500, Phillip J. Eby wrote:
>| At 08:22 PM 2/7/2006 -0500, Clark C. Evans wrote:
>| >I absolutely love wsgi.response_filtering, only I feel that it should be
>| >a *mutable* listing of the headers that the server should strip.  If
>| >the list is not present, then response filtering is not available. In
>| >particular, I think that requring 'X-Internal-' is not quite explicit
>| >enough and, at the same time, too limiting.
>| I don't understand what you want to do with this.  Can you be more
>| specific about what's limiting and how, not to mention what you expect
>| to do with this mutable list?  Thanks.
>I think it is unnecessarly limiting since you might want the server to
>filter (not send to the client) other headers, such as something like
>the Meter header defined in RFC 2227.  This seems like a generally
>useful feature; I don't see the need to restrict it to only headers
>starting with 'X-Internal-'.
>At the same time, explicitly listing the headers you wish to filter
>isn't that much of a burden -- and actually helps document (paste.lint
>could, for example, issue warnings of all 'X-Internal-' headers that
>arn't listed for filtering; this could be used to catch spelling errors).

My concerns about this are that it introduces unnecessary coupling and 
doesn't reflect the intended use case, which is for allowing internal 
communication between WSGI servers and applications.  These are all 
internal headers, and I don't see how or why 'Meter' would be used with this.

It also seems to me that the spellcheck use case would be better handled by 
defining a 'wsgi.known_internal_headers' provided by the server to the 
application, so that the application can determine whether a particular 
piece of functionality is supported.  In other words, I still don't see the 
purpose of having a mutable; the environ key is for the server to 
communicate to the app, not the other way around.  (Which is done by the 
headers themselves.)

More information about the Web-SIG mailing list