diff -r 97f44b0720e2 -r 02bea04b4c54 mercurial/hgweb/common.py
--- a/mercurial/hgweb/common.py	Sat Mar 10 20:16:20 2018 -0800
+++ b/mercurial/hgweb/common.py	Sat Mar 10 18:19:27 2018 -0800
@@ -46,7 +46,7 @@
     authentication info). Return if op allowed, else raise an ErrorResponse
     exception.'''
 
-    user = req.env.get(r'REMOTE_USER')
+    user = req.remoteuser
 
     deny_read = hgweb.configlist('web', 'deny_read')
     if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)):
@@ -62,14 +62,13 @@
         return
 
     # enforce that you can only push using POST requests
-    if req.env[r'REQUEST_METHOD'] != r'POST':
+    if req.method != 'POST':
         msg = 'push requires POST request'
         raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg)
 
     # require ssl by default for pushing, auth info cannot be sniffed
     # and replayed
-    scheme = req.env.get('wsgi.url_scheme')
-    if hgweb.configbool('web', 'push_ssl') and scheme != 'https':
+    if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https':
         raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required')
 
     deny = hgweb.configlist('web', 'deny_push')