Tres Seaver wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Martin Aspeli wrote: >> Tres Seaver <tseaver <at> palladion.com> writes: >> >>> There is no way to tell the difference between a WebDAV GET and a >>> "normal" browser GET, period: the specs explicitly, deliberately >>> overload the GET verb. >>> >>> Hence the IANA-assigned "WebDAV source port"[1] (9800) (which *we* >>> requested) in order to disambiguate those requests. >> Heh, nice.
That said, though: we know which port Zope is listening to for WebDAV. Even if it's 80 or 81 or whatever, we should be able to detect a DAV request by correlating the port on which the request was received with the address of the <webdav> server in zope.conf. True, we probably also allow DAV over the "http" port, but if that's a bit broken, I don't see a huge problem telling people to use a dedicated port. Do you see any problems with this? >> Unfortuantely, there's no way to guarantee people will only use this port for >> Zope's WebDAV server. >> >> That said, the two problems (WebDAV requests result in a browserDefault >> lookup, >> and folder contents) are not really an issue in everyday use for GET request. >> They merely cause things to explode on PUT requests to a null resource. We >> *can* >> identify PUT requests, obviously. > > Strictly, PUT is not WebDAV-specific; however, it might be reasonable > to apply the policy you are requesting for any PUT. True. >> So any comments on my proposal to skip the browserDefault lookup and the >> acquisition of resources for PUT/PROPFIND/PROPPATCH requests? > > +.5, I guess. I'd like to make sure that we aren't breaking some other > use first. I'll run the tests? :) Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )