Problem:
The view for the unauthorized exception (zope/app/exception/browser/
unauthorized.py/.pt) gets the authentication utility to issue a
challenge, and then draws a page. Drawing the page is silly in some
cases, and problematic in others.
In particular, for session credentials, the
Gary Poster wrote:
Make the unauthorized view smarter: call the authentication utility's
unauthorized method before rendering the page, and if the request then
has a 303 status, don't bother to render the page.
+1
--
Benji York
Senior Software Engineer
Zope Corporation
Gary Poster wrote:
Risks:
Requires more developer work to support browsers that don't support
redirects.
Are you aware of any browsers that don't support redirects? Even Lynx
and wget support redirection.
Shane
___
Zope3-dev mailing list