[Zope-dev] Curious about age old WebDAV decisions...
I've got a Folder (indirection) and a DTML Method (found) in the root of a Zope site. HEAD requests fail on the indirected DTML Method due to OFS.ObjectManager's __getitem__ method: def __getitem__(self, key): import pdb;pdb.set_trace() v=self._getOb(key, None) if v is not None: return v if hasattr(self, 'REQUEST'): request=self.REQUEST method=request.get('REQUEST_METHOD', 'GET') if request.maybe_webdav_client and not method in ('GET', 'POST'): return NullResource(self, key, request).__of__(self) raise KeyError, key I wasn't around during the development of the WebDAV code, so I'm loathe to just jump in and start changing things, but why isn't 'HEAD' exempted from the NullResource as well, given that HTTP specs state that HEAD *must* return the same headers that a GET would provide (ignoring for the moment the Collector issue thread over whether HEAD should provide the length of the source of a document or its fully rendered content - let's just try to make sure both methods work on the *same object*). What was the reasoning behind the decision? These changes happened way back in the Dark Ages (late March 1999 or so, earlier in the month, this code was added to OFS.Folder with the initial WebDAV support). A trip through the WayBackMachine™ shows no discussion in the Zope-dev lists in early 1999 when this was being worked on, and no real mention of WebDAV in Zope for most of the rest of that year (on Zope-dev or the general Zope list). Am I mistaking this for a problem? ~ [EMAIL PROTECTED] $ curl http://localhost:2277/found hello~ [EMAIL PROTECTED] $ curl http://localhost:2277/indirection/found hello~ [EMAIL PROTECTED] $ curl -I http://localhost:2277/found HTTP/1.1 200 OK Server: Apache Date: Wed, 28 Dec 2005 18:59:58 GMT Last-Modified: Wed, 28 Dec 2005 18:54:07 GMT Accept-Ranges: none Content-Type: text/html Content-Length: 5 ~ [EMAIL PROTECTED] $ curl -I http://localhost:2277/indirection/found HTTP/1.1 404 Not Found Server: Apache Date: Wed, 28 Dec 2005 19:00:10 GMT Bobo-Exception-Line: 63 Content-Length: 891 Bobo-Exception-Value: See the server error log for details Content-Type: text/html Accept-Ranges: none Bobo-Exception-File: NullResource.py Bobo-Exception-Type: NotFound Thanks, Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Directory structure on svn.zope.org
On Dec 27, 2005, at 9:57 AM, Zachery Bir wrote: Let's keep the SVN repo structure as flat as possible. Note that I think a project's name should be the dotted name of the Python package (if one such package exists), so it should be Products.CompositePage/ Products.PluginRegistry/ Products.PluggableAuthService/ Products.Zelenium/ instead of CompositePage/ PluginRegistry/ PluggableAuthService/ Zelenium/ +1 (er, that was to Philipp's idea, not Andreas') Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZEO, FastCGI and Shibboleth
On 2005-04-25 06:58:17 -0400, John Snowdon [EMAIL PROTECTED] said: Has anyone any thoughts about how to go about shibboleth enabling a whole host of ZEO instances... without each one having an Apache server sitting in front of it? Or is there an alternative method out there that perhaps is not widely known? We'd contemplated doing more work with PAS and Shibboleth to actually get Zope to do the equivalent of mod_shibboleth, but it never went anywhere. We stick Zope behind Apache (or some other proxying system - Squid, et al.) as a matter of course, so it was a no-brainer to just use mod_shibboleth in situ. We've posted the contents (modulo any specific policy) of our Shibboleth implementation for PAS. It amounts to a few Scriptable Plugins to handle the specific HTTP headers that get scribbled on a Shibboleth session. Here's the message: http://mail.zope.org/pipermail/zope-pas/2005-March/000314.html Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope-Coders] Unauthorized results in 401, shouldn't it result in 403?
On 2005-04-20 11:20:26 -0400, Chris Withers [EMAIL PROTECTED] said: Sidnei da Silva wrote: | 3. How does PAS handle failover from one authentication plugin to the next? /me leaves slot for PAS experts to fill Each attempt at authenticating a particular set of credentials gets a crack, and either stands up for the creds, or returns None. CookieCrumbler it's this variable is set from the cookie value) and that may result in a valid user or 'Anonymous User'. Yeah, but how does CookieCrumbler stop a basic auth box being popped to the user when things aren't authorized? By intercepting the RESPONSE's unauthorized() method. It's pretty plainly there in the code. FWIW, this is how PAS insinuates itself into the process as well, but to allow for any of the challenge plugins to fire this way. | PS: I suspect the answer to 4 varies depending on the type of auth :-( I don't think so. CookieCrumbler vs Everything Else: I think it does... Well, not in PAS ;^) Zac ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )