authorJan Pazdziora <jpazdziora@redhat.com>2014-01-17 14:41:19 +0800
committerJan Pazdziora <jpazdziora@redhat.com>2016-01-20 09:03:10 +0100
commit5a869128a4371445471bcd86392680c096240d2c (patch)
tree56a8d2f7eaa16478070880e0ccb5d22b3e145b01 /app.cgi
parentcdaaa88a4c9b516080555aa8b9f9df65ad0b5b90 (diff)
Process incoming HTTP headers in application on backend.proxy-setup
Caution: make sure the application is only accessible via a proxy which will properly clear and set these headers, so that the end user cannot gain extra privileges.
Diffstat (limited to 'app.cgi')
-rwxr-xr-xapp.cgi8
1 files changed, 8 insertions, 0 deletions
diff --git a/app.cgi b/app.cgi
index badc13a..31a9f4a 100755
--- a/app.cgi
+++ b/app.cgi
@@ -22,6 +22,14 @@ my $LOGIN = '/login';
my $LOGOUT = '/logout';
my $AUTH_COOKIE = 'the-test-cookie';
+if (defined $ENV{FRONTEND_SCRIPT_NAME}) {
+ $ENV{SCRIPT_NAME} = $ENV{FRONTEND_SCRIPT_NAME};
+
+ for my $x (map { /^HTTP_(REMOTE_USER.*)/ ? ($1) : () } keys %ENV) {
+ $ENV{$x} = $ENV{"HTTP_$x"};
+ }
+}
+
my $q = new CGI;
my $cookie = $q->cookie($AUTH_COOKIE);
my ($user, $name);
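Review bot: The loop `for my $x (map { /^HTTP_(REMOTE_USER.*)/ ? ($1) : () } keys %ENV)` promotes every request header whose name begins with Remote-User into the matching REMOTE_USER* variable. Its only gate is `defined $ENV{FRONTEND_SCRIPT_NAME}`, which presumably comes from static server configuration and says nothing about where a given request came from. Because the pattern is open-ended, the front end has to clear the whole header family rather than just the names it sets, and depending on the web server a `Remote_User` spelling may land in the same `HTTP_REMOTE_USER` variable as `Remote-User`. I would anchor the match to the expected shape, for example `/\AHTTP_(REMOTE_USER(?:_[A-Z0-9_]+)?)\z/`, or better iterate over an explicit list of the attributes the application reads. I would also check the peer (for example `$ENV{REMOTE_ADDR}` against the configured proxy address) before copying anything. A comment above the block such as `# Trust boundary: HTTP_REMOTE_USER* is honoured only because the front-end proxy strips and re-sets these headers` would put the commit message's caution next to the code it applies to.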