theforeman
diff --git a/‎src/roles/httpd/templates/external_auth.conf.j2‎
Lines changed: 5 additions & 5 deletions b/‎src/roles/httpd/templates/external_auth.conf.j2‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/roles/httpd/templates/foreman-ssl-vhost.conf.j2‎
Lines changed: 4 additions & 4 deletions b/‎src/roles/httpd/templates/foreman-ssl-vhost.conf.j2‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎tests/fixtures/help/features.txt‎ b/‎tests/fixtures/help/features.txt‎
diff --git a/‎tests/fixtures/help/migrate.txt‎ b/‎tests/fixtures/help/migrate.txt‎
diff --git a/‎tests/httpd_test.py‎
Lines changed: 4 additions & 0 deletions b/‎tests/httpd_test.py‎
Lines changed: 4 additions & 0 deletions
@@ -15,11 +15,11 @@
   LookupUserGroupsIter REMOTE_USER_GROUP
 
   # Set headers for proxy requests
-  RequestHeader set REMOTE_USER %{REMOTE_USER}e
-  RequestHeader set REMOTE_USER_EMAIL %{REMOTE_USER_EMAIL}e
-  RequestHeader set REMOTE_USER_FIRSTNAME %{REMOTE_USER_FIRSTNAME}e
-  RequestHeader set REMOTE_USER_LASTNAME %{REMOTE_USER_LASTNAME}e
-  RequestHeader set REMOTE_USER_GROUPS %{REMOTE_USER_GROUPS}e
+  RequestHeader set REMOTE-USER %{REMOTE_USER}e
+  RequestHeader set REMOTE-USER-EMAIL %{REMOTE_USER_EMAIL}e
+  RequestHeader set REMOTE-USER-FIRSTNAME %{REMOTE_USER_FIRSTNAME}e
+  RequestHeader set REMOTE-USER-LASTNAME %{REMOTE_USER_LASTNAME}e
+  RequestHeader set REMOTE-USER-GROUPS %{REMOTE_USER_GROUPS}e
 </LocationMatch>
 
 # GSSAPI/Kerberos authentication for web UI
 
@@ -11,10 +11,10 @@
 
   ## Request header rules
   ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
-  RequestHeader set X_FORWARDED_PROTO "https"
-  RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
-  RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
-  RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
+  RequestHeader set X-FORWARDED-PROTO "https"
+  RequestHeader set SSL-CLIENT-S-DN "%{SSL_CLIENT_S_DN}s"
+  RequestHeader set SSL-CLIENT-CERT "%{SSL_CLIENT_CERT}s"
+  RequestHeader set SSL-CLIENT-VERIFY "%{SSL_CLIENT_VERIFY}s"
   RequestHeader unset REMOTE-USER
   RequestHeader unset REMOTE_USER
   RequestHeader unset REMOTE-USER-EMAIL
 
@@ -104,3 +104,7 @@ def test_httpd_event_conf_contains_threads_per_child(server):
 def test_httpd_config_syntax(server):
     cmd = server.run("httpd -t")
     assert cmd.succeeded
+
+def test_httpd_headers_use_dashes(server):
+    cmd = server.run("grep -rPn 'RequestHeader\\s+set\\s+\\S*_\\S*\\s' /etc/httpd/conf.d/foreman.conf /etc/httpd/conf.d/foreman-ssl.conf /etc/httpd/conf.d/05-foreman.d/ /etc/httpd/conf.d/05-foreman-ssl.d/ 2>/dev/null")
+    assert cmd.stdout.strip() == '', f"HTTP header names should use dashes, not underscores:\n{cmd.stdout}"