Re: [Zope-dev] Bug in Zope VersionControl
On Thu, Jun 07, 2001 at 08:30:26PM +0200, Christian Theune wrote: Okay ... I admit using opera and enjoying it. Problem is, that opera is sooo standardsconform. See Zope/lib/python/Products/OFSP/Version.py:175 in function enter() Somebody thats the path for the cookie as SCRIPT_NAME. This seems that the scope of the versions should be limited to the subtree where the version object was instanciated. Nice idea. But this doesn't work. First: Internet Explorer and Netscape ignore the path of the cookie and assume '/'. Second: Opera is conform to the rfc of http 1.1, and this means, that the cookie is only valid for the version itself, and is not used in any place out of http://myzope:8080/blaah/myVersion Proposed solution: Change the path to '/'. And have the same behaviour on all browsers. Or: Change the path to REQUEST[URL1] (is this the parent folder?) and have the intended mechanism working at least on opera. The last is my personal favorite, because you can have different versions concurrently open on different projects @ one server. Proposed patch for both solutions comes as attachement. REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. For instance, if your Zope server is presented to the outside world as 'http://a.server.com/a/path/to/zope/' then SCRIPT_NAME will be '/a/path/to/zope/', whereever you are in the Zope object hierarchy. Thus, a version cookie is bound to the root of the Zope server. In your case, it seems that Opera is ignoring the cookie path altogether, and instead falls back on the default, which is the path of the Version object itself. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[mj@digicool.com: Re: [Zope-dev] Bug in Zope VersionControl]
(Could we please keep the list in the loop for both wider discussion and archiving?) On Fri, Jun 08, 2001 at 01:43:29PM +0200, Christian Theune wrote: REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. For instance, if your Zope server is presented to the outside world as 'http://a.server.com/a/path/to/zope/' then SCRIPT_NAME will be '/a/path/to/zope/', whereever you are in the Zope object hierarchy. Thus, a version cookie is bound to the root of the Zope server. In your case, it seems that Opera is ignoring the cookie path altogether, and instead falls back on the default, which is the path of the Version object itself. Okay. I have something for you. The REQUEST['SCRIPT_NAME'] is '' on my server. Could it be that - if zope is on the root - it SHOULD be '/' but is ''? You are correct, SCRIPT_NAME is indeed '' in ZServer situations. However, see below. Then per RFC it should be the location of the request (in this case http://localhost:8080/asdf, where asdf is the version). The RFC is silent about this. Note that there are two specifications that may apply. One is the original Netscape specification, the other is RFC 2109: http://www.netscape.com/newsref/std/cookie_spec.html http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html There is also a RFC2965 which defines a new 'Set-Cookie2' header with a new syntax. Neither RFC 2109 nor the Netscape spec specify what happens when a 'path=;' cookie is sent, they only specify what happens if the path attribute is absent. The fact that we set an empty path attribute is thus confusing and we should avoid this. IE and Netscape poorely ignore the path, but Opera restricts the cookie to the location of the Version. IE and Netscape have decided that in that case the server must have ment to say 'path=/;', while Opera chooses to interpret it the same way as an omitted path attribute. Probably you want to check: if REQUEST['SCRIPT_NAME']=='': REQUEST['SCRIPT_NAME']='/' wherever this variable is created ... ??? I think we want to use: RESPOSE.setCookie( path=(REQUEST['SCRIPT_NAME'] or '/')) Could you file a bug in the Bug Collector at: http://classic.zope.org:8080/Collector Thanks! -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
On Fri, Jun 08, 2001 at 02:17:06PM +0200, Christian Theune wrote: yes. we are right. Opera only sends the cookie in the version, but i couldn't figure out, what zope is sending (using the tcpwatch proxy). so i don't know what zope returns ... the should be a line == Cookie: ... or something I think, but there isn't. As soon as you press the 'join' button, Zope will send a 'Set-Cookie' header. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
From: Martijn Pieters [EMAIL PROTECTED] REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. SCRIPT_NAME is not reliable in the presence of virtual hosting. Use REQUEST['BASEPATH1'] instead. Cheers, Evan @ digicool ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
On Fri, Jun 08, 2001 at 09:36:53AM -0400, Evan Simpson wrote: From: Martijn Pieters [EMAIL PROTECTED] REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. SCRIPT_NAME is not reliable in the presence of virtual hosting. Use REQUEST['BASEPATH1'] instead. When we fix this problem, we indeed should use BASEPATH1. BASEPATH1 is also empty when in a ZServer-only situation, so we should still use path=(REQUEST['BASEPATH1'] or '/'). -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
- Original Message - From: Martijn Pieters [EMAIL PROTECTED] To: Evan Simpson [EMAIL PROTECTED] Cc: Christian Theune [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, June 08, 2001 9:31 AM Subject: Re: [Zope-dev] Bug in Zope VersionControl On Fri, Jun 08, 2001 at 09:36:53AM -0400, Evan Simpson wrote: From: Martijn Pieters [EMAIL PROTECTED] REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. SCRIPT_NAME is not reliable in the presence of virtual hosting. Use REQUEST['BASEPATH1'] instead. When we fix this problem, we indeed should use BASEPATH1. BASEPATH1 is also empty when in a ZServer-only situation, so we should still use path=(REQUEST['BASEPATH1'] or '/') The fix is now in the 2.4 trunk. Andreas ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
On Fri, Jun 08, 2001 at 09:42:00AM -0400, Andreas Jung wrote: On Fri, Jun 08, 2001 at 09:36:53AM -0400, Evan Simpson wrote: From: Martijn Pieters [EMAIL PROTECTED] REQUEST['SCRIPT_NAME'] is the root of the Zope server. In a pure ZServer environment, this is '/'. In a situation where the Zope server is running behind another webserver, and is not at the root of that server, SCRIPT_NAME represents the path to the Zope server. SCRIPT_NAME is not reliable in the presence of virtual hosting. Use REQUEST['BASEPATH1'] instead. When we fix this problem, we indeed should use BASEPATH1. BASEPATH1 is also empty when in a ZServer-only situation, so we should still use path=(REQUEST['BASEPATH1'] or '/') The fix is now in the 2.4 trunk. Note that there are 3 bugs open on this, 2291 (which you set to Forgotten'?), 2225 and 2234. Also, you'll have to hunt out all usage of path=REQUEST['SCRIPT_NAME'], not just the one that you fixed. There is at least one other in Version.py, and there may be more. I think you should search for setCookie. And last, this should also go in the 2.3 branch I think. It is a small enough bugfix, and some people will be reluctant to switch to 2.4.x just yet. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Bug in Zope VersionControl
Christian Theune writes: Internet Explorer and Netscape ignore the path of the cookie and assume '/'. Who told you that? We use code explicitly setting the cookie path and it appears both IE and Netscape handle this correctly. Second: Opera is conform to the rfc of http 1.1, and this means, that the cookie is only valid for the version itself, and is not used in any place out of http://myzope:8080/blaah/myVersion That's the default cookie path. Maybe, setting the cookie path explicitly removes the problem. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Bug in Zope VersionControl
hello again ...
Okay ... I admit using opera and enjoying it.
Problem is, that opera is sooo standardsconform.
See Zope/lib/python/Products/OFSP/Version.py:175
in function enter()
Somebody thats the path for the cookie as SCRIPT_NAME.
This seems that the scope of the versions should be
limited to the subtree where the version object was
instanciated. Nice idea.
But this doesn't work.
First:
Internet Explorer and Netscape ignore the path of the cookie
and assume '/'.
Second:
Opera is conform to the rfc of http 1.1, and this means, that
the cookie is only valid for the version itself, and is not
used in any place out of http://myzope:8080/blaah/myVersion
Proposed solution:
Change the path to '/'. And have the same behaviour on all
browsers.
Or:
Change the path to REQUEST[URL1] (is this the parent folder?)
and have the intended mechanism working at least on opera.
The last is my personal favorite, because you can have different
versions concurrently open on different projects @ one server.
Proposed patch for both solutions comes as attachement.
(both intended for zope 2.4.0a1)
(btw: remember same behaviour on function leave() ...)
--
Christian Theune - [EMAIL PROTECTED]
gocept gmbh co.kg - schalaunische strasse 6 - 06366 koethen/anhalt
tel.+49 3496 3099112 - fax.+49 3496 3099118 mob. - 0178 48 33 981
reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))
--- Version.py Thu Jan 11 16:43:57 2001
+++ lib/python/Products/OFSP/Version.py Thu Jun 7 20:25:20 2001
@@ -172,7 +172,7 @@
Begin working in a version
RESPONSE.setCookie(
Globals.VersionNameName, self.cookie,
-path=REQUEST['SCRIPT_NAME'],
+path='/',
)
if (REQUEST.has_key('SERVER_SOFTWARE') and
REQUEST['SERVER_SOFTWARE'][:9]=='Microsoft'):
@@ -190,7 +190,7 @@
RESPONSE.setCookie(
Globals.VersionNameName,'No longer active',
expires=Mon, 25-Jan-1999 23:59:59 GMT,
-path=REQUEST['SCRIPT_NAME'],
+path='/',
)
if (REQUEST.has_key('SERVER_SOFTWARE') and
REQUEST['SERVER_SOFTWARE'][:9]=='Microsoft'):
--- Version.py Thu Jan 11 16:43:57 2001
+++ lib/python/Products/OFSP/Version.py Thu Jun 7 20:25:20 2001
@@ -172,7 +172,7 @@
Begin working in a version
RESPONSE.setCookie(
Globals.VersionNameName, self.cookie,
-path=REQUEST['SCRIPT_NAME'],
+path=REQUEST['URL1'],
)
if (REQUEST.has_key('SERVER_SOFTWARE') and
REQUEST['SERVER_SOFTWARE'][:9]=='Microsoft'):
@@ -190,7 +190,7 @@
RESPONSE.setCookie(
Globals.VersionNameName,'No longer active',
expires=Mon, 25-Jan-1999 23:59:59 GMT,
-path=REQUEST['SCRIPT_NAME'],
+path=REQUEST['URL1'],
)
if (REQUEST.has_key('SERVER_SOFTWARE') and
REQUEST['SERVER_SOFTWARE'][:9]=='Microsoft'):
