From a2e2470d787591d28f344b52c971d5899b104356 Mon Sep 17 00:00:00 2001
From: Tanner Prestegard <tanner.prestegard@ligo.org>
Date: Thu, 14 Feb 2019 14:51:07 -0600
Subject: [PATCH] Make X509 headers start with 'HTTP'

---
 config/settings/base.py | 4 ++--
 gracedb/api/backends.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/settings/base.py b/config/settings/base.py
index affca13cf..5d2d61a98 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -271,8 +271,8 @@ SHIB_ATTRIBUTE_MAP = {
 # Headers to use for X509 authentication
 X509_SUBJECT_DN_HEADER = 'HTTP_SSL_CLIENT_S_DN'
 X509_ISSUER_DN_HEADER = 'HTTP_SSL_CLIENT_I_DN'
-X509_CERT_HEADER = 'X_FORWARDED_TLS_CLIENT_CERT'
-X509_INFOS_HEADER = 'X_FORWARDED_TLS_CLIENT_CERT_INFOS'
+X509_CERT_HEADER = 'HTTP_X_FORWARDED_TLS_CLIENT_CERT'
+X509_INFOS_HEADER = 'HTTP_X_FORWARDED_TLS_CLIENT_CERT_INFOS'
 
 # List of authentication backends to use when attempting to authenticate
 # a user.  Will be used in this order.  Authentication for the API is
diff --git a/gracedb/api/backends.py b/gracedb/api/backends.py
index ba273c6ff..2d4dd5ff2 100644
--- a/gracedb/api/backends.py
+++ b/gracedb/api/backends.py
@@ -168,7 +168,7 @@ class GraceDbX509CertInfosAuthentication(GraceDbX509Authentication):
     """
     api_only = True
     infos_header = getattr(settings, 'X509_INFOS_HEADER',
-        'X_FORWARDED_TLS_CLIENT_CERT_INFOS')
+        'HTTP_X_FORWARDED_TLS_CLIENT_CERT_INFOS')
     infos_pattern = re.compile(r'Subject="(.*?)".*Issuer="(.*?)"')
 
     @classmethod
@@ -210,7 +210,7 @@ class GraceDbX509FullCertAuthentication(GraceDbX509Authentication):
     api_only = True
     www_authenticate_realm = 'api'
     cert_header = getattr(settings, 'X509_CERT_HEADER',
-        'X_FORWARDED_TLS_CLIENT_CERT')
+        'HTTP_X_FORWARDED_TLS_CLIENT_CERT')
 
     def authenticate(self, request):
 
-- 
GitLab