That's a question for Massimo. Currently the auth code just provides a URL that
should be displayed instead. Such a change requires rendering the new URL w/o
actually re-requesting the needed page from the browser.

On Mon, Jun 15, 2009 at 10:16 AM, Hans Donner <[email protected]> wrote:

>
> can't the login page be included in the error page?
> This way you have both the error and no need for redirect as a user
> can directly login.
>
> On Mon, Jun 15, 2009 at 8:08 AM, Alexey Nezhdanov<[email protected]> wrote:
> > Sure. For a start I'll provide the list that I have.
> >
> > Pros:
> > 1) Search-engine friendly. SEs see proper '401 Not authorised' response
> > instead of '303 Found' when trying to access login-only pages
> > 2) Unit tests - binding to 401/403 codes is more explicit. Receiving them
> > gives better understanding on what happens.
> > 3) RFC compliance
> >
> > Cons:
> > 1) Browser must render the page to trigger the redirect. So at least in some
> > browsers (for me it is Fx 2.0) this causes a momentary page clear before new
> > page is drawn (old page -> blank -> new page).
> >
> > So far I can see only one workaround: put there some content so that page
> > will not look so blank - in this case only 'content' part of the screen
> > should clear leaving menus/logos/other decorators static. That can be done
> > only in application I think.
> >
> >
> > On Mon, Jun 15, 2009 at 9:52 AM, mdipierro <[email protected]> wrote:
> >>
> >> I would like to hear more opinions about this before changing it.
> >> Pros? Cons?
> >>
> >> Massimo
> >>
> >> On Jun 14, 10:28 pm, Alexey Nezhdanov <[email protected]> wrote:
> >> > No, I didn't mean IE. I meant that since redirect page doesn't have anybody
> >> > for a user AND it is not a 301/303 page - it actually rendered.
> >> > That is visible at least in Firefox.
> >> > Also if I just add some random content (like 'you are being redirected') it
> >> > will be visible too (site -> 'you are being redirected' -> site again). If
> >> > you think that it is a good idea - I'll do.
> >> >
> >> > On Monday 15 June 2009 01:05:25 mdipierro wrote:
> >> >
> >> >
> >> >
> >> > > You can replace the page blanking by adding some content longer than
> >> > > 512 chars
> >> >
> >> > > On Jun 13, 11:08 am, Alexey Nezhdanov <[email protected]> wrote:
> >> > > > On Saturday 13 June 2009 16:58:33 mdipierro wrote:
> >> > > > > I will take this patch!
> >> >
> >> > > > Here it is, attached. Tested with latest stable, then ported to trunk
> >> > > > version and tested again.
> >> > > > However there is one problem with it. On error code 401 browser actually
> >> > > > _renders_ the page causing it to be blanked and redrawn as opposed to 303
> >> > > > which just waits a bit, then instantly replaces page content.
> >> > > > I do not know if there is a way to suppress that page blanking.
> >> > > > Otherwise it seems to be working as intended.
> >> >
> >> > > > > On Jun 13, 6:19 am, Alexey Nezhdanov <[email protected]> wrote:
> >> > > > > > I'm writing unit tests for my app and come across this problem:
> >> > > > > > if I try to access the page which has @auth.requires_login()
> >> > > > > > I get error 303 - i.e. redirect to the page with login/password
> >> > > > > > form.
> >> > > > > > While this works visually for browsers, it is actually wrong for
> >> > > > > > testing AND for search engines. Status codes are important for
> >> > > > > > robots and here status is set incorrectly (should be 401).
> >> > > > > > So why don't we set this to 401 and make redirect with other means
> >> > > > > > (javascript/meta tags)? We know that pages that are larger than
> >> > > > > > certain size are displayed ok in IE so this should not be a
> >> > > > > > problem.
> >> > > > > > Here is sample page with redirect:
> >> >
> >> > > > > > """<html>
> >> > > > > >     <head>
> >> > > > > >         <meta http-equiv="expires" content="0" />
> >> > > > > >         <meta http-equiv="refresh" content="0;url=%(nexturl)s/" />
> >> > > > > >         <script type="text/javascript"><!--
> >> > > > > >           window.location='%(nexturl)s';
> >> > > > > >           // --></script>
> >> > > > > >     </head>
> >> > > > > >     <body />
> >> > > > > > </html>
> >> > > > > > """%{'nexturl':URL(r=request,c='auth',f='login')}
> >> >
> >> > > > > > If this is a good idea - I'll write a patch.
> >> >
> >> > > > > > --
> >> > > > > > Sincerely yours
> >> > > > > > Alexey Nezhdanov
> >> >
> >> > > > --
> >> > > > Sincerely yours
> >> > > > Alexey Nezhdanov
> >> >
> >> > > >  noauth-401-403.diff
> >> >
> >> > --
> >> > Sincerely yours
> >> > Alexey Nezhdanov
> >>
> >
> >
> > >
> >
>
> >
>
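
The 401-plus-client-side-redirect response discussed in this thread, as an added example (not part of the thread and not web2py's code): a stdlib-only WSGI app that escapes the login URL for each context it is written into and pads the body past the 512 characters mentioned above. `LOGIN_URL`, the `/private` route, the `example.user` environ key and the `call` helper are hypothetical names chosen for the illustration.

```python
import html
import json

LOGIN_URL = "/myapp/auth/login"  # assumed path; web2py would build it with URL()
MIN_BODY = 513                   # thread: content longer than 512 chars

PAGE = """<html>
  <head>
    <meta http-equiv="expires" content="0" />
    <meta http-equiv="refresh" content="0;url={attr}" />
    <script type="text/javascript">window.location={js};</script>
  </head>
  <body><p>Login required. <a href="{attr}">Go to the login page</a>.</p>{pad}</body>
</html>
"""

def login_required_page(next_url):
    """Build the 401 body, escaping next_url for each context it lands in."""
    attr = html.escape(next_url, quote=True)           # HTML attribute context
    js = json.dumps(next_url).replace("<", "\\u003c")  # JS string inside <script>
    body = PAGE.format(attr=attr, js=js, pad="")
    short = MIN_BODY - len(body.encode("utf-8"))
    if short > 0:  # pad with an HTML comment so the visible page stays the same
        body = PAGE.format(attr=attr, js=js, pad="<!--" + " " * short + "-->")
    return body.encode("utf-8")

def app(environ, start_response):
    """/private needs a user; 'example.user' stands in for a real session check."""
    if environ.get("PATH_INFO") == "/private" and not environ.get("example.user"):
        body = login_required_page(LOGIN_URL)
        start_response("401 Unauthorized", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("Content-Length", str(len(body))),
            ("Cache-Control", "no-store"),
        ])
        return [body]
    start_response("200 OK", [("Content-Type", "text/plain"), ("Content-Length", "2")])
    return [b"ok"]

def call(path, user=None):
    """Drive the app the way a unit test would: returns (status, headers, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if user:
        environ["example.user"] = user
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

A unit test can then assert on `call("/private")[0]` being the 401 status line instead of following a 303.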
