[Zope-dev] Curious about age old WebDAV decisions...
I've got a Folder (indirection) and a DTML Method (found) in the root
of a Zope site. HEAD requests fail on the indirected DTML Method due
to OFS.ObjectManager's __getitem__ method:
def __getitem__(self, key):
import pdb;pdb.set_trace()
v=self._getOb(key, None)
if v is not None: return v
if hasattr(self, 'REQUEST'):
request=self.REQUEST
method=request.get('REQUEST_METHOD', 'GET')
if request.maybe_webdav_client and not method in ('GET',
'POST'):
return NullResource(self, key, request).__of__(self)
raise KeyError, key
I wasn't around during the development of the WebDAV code, so I'm
loathe to just jump in and start changing things, but why isn't
'HEAD' exempted from the NullResource as well, given that HTTP specs
state that HEAD *must* return the same headers that a GET would
provide (ignoring for the moment the Collector issue thread over
whether HEAD should provide the length of the source of a document or
its fully rendered content - let's just try to make sure both methods
work on the *same object*). What was the reasoning behind the
decision? These changes happened way back in the Dark Ages (late
March 1999 or so, earlier in the month, this code was added to
OFS.Folder with the initial WebDAV support). A trip through the
WayBackMachine™ shows no discussion in the Zope-dev lists in early
1999 when this was being worked on, and no real mention of WebDAV in
Zope for most of the rest of that year (on Zope-dev or the general
Zope list). Am I mistaking this for a problem?
~
[EMAIL PROTECTED] $ curl http://localhost:2277/found
hello~
[EMAIL PROTECTED] $ curl http://localhost:2277/indirection/found
hello~
[EMAIL PROTECTED] $ curl -I http://localhost:2277/found
HTTP/1.1 200 OK
Server: Apache
Date: Wed, 28 Dec 2005 18:59:58 GMT
Last-Modified: Wed, 28 Dec 2005 18:54:07 GMT
Accept-Ranges: none
Content-Type: text/html
Content-Length: 5
~
[EMAIL PROTECTED] $ curl -I http://localhost:2277/indirection/found
HTTP/1.1 404 Not Found
Server: Apache
Date: Wed, 28 Dec 2005 19:00:10 GMT
Bobo-Exception-Line: 63
Content-Length: 891
Bobo-Exception-Value: See the server error log for details
Content-Type: text/html
Accept-Ranges: none
Bobo-Exception-File: NullResource.py
Bobo-Exception-Type: NotFound
Thanks,
Zac
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Directory structure on svn.zope.org
On Dec 27, 2005, at 9:57 AM, Zachery Bir wrote: Let's keep the SVN repo structure as flat as possible. Note that I think a project's name should be the dotted name of the Python package (if one such package exists), so it should be Products.CompositePage/ Products.PluginRegistry/ Products.PluggableAuthService/ Products.Zelenium/ instead of CompositePage/ PluginRegistry/ PluggableAuthService/ Zelenium/ +1 (er, that was to Philipp's idea, not Andreas') Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZEO, FastCGI and Shibboleth
On 2005-04-25 06:58:17 -0400, John Snowdon [EMAIL PROTECTED] said: Has anyone any thoughts about how to go about shibboleth enabling a whole host of ZEO instances... without each one having an Apache server sitting in front of it? Or is there an alternative method out there that perhaps is not widely known? We'd contemplated doing more work with PAS and Shibboleth to actually get Zope to do the equivalent of mod_shibboleth, but it never went anywhere. We stick Zope behind Apache (or some other proxying system - Squid, et al.) as a matter of course, so it was a no-brainer to just use mod_shibboleth in situ. We've posted the contents (modulo any specific policy) of our Shibboleth implementation for PAS. It amounts to a few Scriptable Plugins to handle the specific HTTP headers that get scribbled on a Shibboleth session. Here's the message: http://mail.zope.org/pipermail/zope-pas/2005-March/000314.html Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope-Coders] Unauthorized results in 401, shouldn't it result in 403?
On 2005-04-20 11:20:26 -0400, Chris Withers [EMAIL PROTECTED] said: Sidnei da Silva wrote: | 3. How does PAS handle failover from one authentication plugin to the next? /me leaves slot for PAS experts to fill Each attempt at authenticating a particular set of credentials gets a crack, and either stands up for the creds, or returns None. CookieCrumbler it's this variable is set from the cookie value) and that may result in a valid user or 'Anonymous User'. Yeah, but how does CookieCrumbler stop a basic auth box being popped to the user when things aren't authorized? By intercepting the RESPONSE's unauthorized() method. It's pretty plainly there in the code. FWIW, this is how PAS insinuates itself into the process as well, but to allow for any of the challenge plugins to fire this way. | PS: I suspect the answer to 4 varies depending on the type of auth :-( I don't think so. CookieCrumbler vs Everything Else: I think it does... Well, not in PAS ;^) Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
