Someone who knows more than I will undoubtedtly come along and answer your question but...
My guess is it is Apache that is adding the HTML. Unless you are using your app as a Apache module under mod perl Apache is still going to handle the Authentication phase. Registry as I understand it doesn't come in until a later phase of the request. Mike ----- Original Message ----- From: "Mike Carlton" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 02, 2002 12:05 PM Subject: [cgiapp] how to set 403 status code with CGI::App? > I'm trying to do some authentication in cgiapp_prerun send back a 403 and send > the user to a different run mode if they need to log in (this is followup to my > earlier question -- due to my apps requirements I think it makes more sense to > do it here rather than via an Apache::Auth* module). > > The problem is that something (I'm guessing CGI.pm) is adding boilerplate HTML > explaining 403 after all my output is sent and that I don't want to appear. > > I've stripped down the code to a minimal working app, the code is attached > below. BTW, this is running under mod_perl via Apache::Registry. > > When I access the 'private' run mode, I get sent to the login form as expected, > but the boilerplate is attached after the login form output ends (i.e. after the > first </html>): > > <?xml version="1.0" encoding="utf-8"?> > <!DOCTYPE html > PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" > "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd";> > <html xmlns="http://www.w3.org/1999/xhtml"; lang="en-US"><head><title>Login</title> > </head><body><form method="post" action="/test/App.pl?rm=private" > enctype="application/x-www-form-urlencoded"> > <input type="text" name="password" /><input type="hidden" name="rm" > value="private" /><input type="submit" name=".submit" /> > </form></body></html><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>403 Forbidden</title> > </head><body> > <h1>Forbidden</h1> > You don't have permission to access /test/App.pl > on this server.<p> > </body></html> > > The curious thing is that if I run the app from the command line (./App.pl > rm=private) the extra boilerplate html is not added! > > Is it possible to suppress the extra html? I borrowed the approach of returning > 403 and a login page as the body from Apache::Authcookie. > > Thanks, > --Mike Carlton > > > ----- App.pl ----------------------------------------------- > #!/usr/bin/perl -w > use App; > my $app = App->new(); > $app->run(); > 1; > > ----- App.pm ----------------------------------------------- > #!/usr/bin/perl -w > package App; > use base 'CGI::Application'; > sub setup { > my $self = shift; > $self->start_mode('public'); > $self->mode_param('rm'); > $self->run_modes( > 'public' => 'do_generic', > 'private' => 'do_generic', > 'login' => 'do_login', > ); > } > > sub do_generic { > my $self = shift; > my $q = $self->query; > my $mode = $q->param('rm'); > my $output = $q->start_html(-title=>$mode); > $output .= $q->a({-href=>'?rm=private'}, 'private'); > $output .= $q->br; > $output .= $q->a({-href=>'?rm=public'}, 'public'); > $output .= $q->end_html(); > return $output; > } > > my $needs_auth = 1; > > sub do_login { > my $self = shift; > my $q = $self->query; > my $output = $q->start_html(-title=>'Login'); > $output .= $q->start_form(); > $output .= $q->textfield(-name=>'password'); > $output .= $q->hidden(-name=>'rm', -value=>'private'); > $output .= $q->submit(); > $output .= $q->end_form(); > $output .= $q->end_html(); > > $needs_auth = 0; > return $output; > } > > sub cgiapp_prerun > { > my ($self, $runmode) = @_; > > if ($runmode eq 'private' && $needs_auth) { > $runmode = 'login'; > $self->prerun_mode($runmode); > $self->header_type('header'); > $self->header_props(-status=>'403 Forbidden'); > } > } > > 1; > > > > > --------------------------------------------------------------------- > Web Archive: http://www.mail-archive.com/[email protected]/ > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[email protected]/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
