minor #14140 Add documentation about impersonating users with an HTTP Header (srogier)

javiereguiluz · javiereguiluz · commit 715ff86372db · 2020-09-07T20:44:58.000+02:00
This PR was submitted for the 3.4 branch but it was merged into the 4.4 branch instead. Discussion ---------- Add documentation about impersonating users with an HTTP Header Commits ------- 399ed2b Add documentation about impersonating users with an HTTP Header
diff --git a/security/impersonating_user.rst b/security/impersonating_user.rst
@@ -72,6 +72,11 @@ as the value to the current URL:
 
     http://example.com/somewhere?_switch_user=thomas
 
+.. tip::
+
+    Instead of adding a ``_switch_user`` query string parameter, you can pass
+    the username in a ``HTTP_X_SWITCH_USER`` header.
+
 To switch back to the original user, use the special ``_exit`` username:
 
 .. code-block:: text
@@ -197,7 +202,7 @@ Limiting User Switching
 
 If you need more control over user switching, you can use a security voter. First,
 configure ``switch_user`` to check for some new, custom attribute. This can be
-anything, but *cannot* start with ``ROLE_`` (to enforce that only your voter will 
+anything, but *cannot* start with ``ROLE_`` (to enforce that only your voter will
 be called):
 
 .. configuration-block::
