Attach user identification headers to response (#453)

Add X-Takahe-User and X-Takahe-User-Identity headers to response, when available, to allow for better Nginx log enrichment.

Also drop these headers in Nginx so they aren't sent into the world. They probably aren't dangerous since they identfy the users _to themselves_ but strip it for now, just in case.
This commit is contained in:
Corry Haines 2023-01-20 16:20:14 -08:00 committed by GitHub
parent 349e1b8801
commit 46947279b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions

View file

@ -25,6 +25,10 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# The user header is available for logging, but not returned to the client
proxy_hide_header X-Takahe-User;
proxy_hide_header X-Takahe-Identity;
# Serve robots.txt from the non-collected dir as a special case.
location /robots.txt {
alias /takahe/static/robots.txt;

View file

@ -30,4 +30,10 @@ class IdentityMiddleware:
request.identity = None
response = self.get_response(request)
if request.user:
response.headers["X-Takahe-User"] = str(request.user)
if request.identity:
response.headers["X-Takahe-Identity"] = str(request.identity)
return response