Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Martin Aspeli wrote:
>> Tres Seaver <tseaver <at> palladion.com> writes:
>>> There is no way to tell the difference between a WebDAV GET and a
>>> "normal" browser GET, period: the specs explicitly, deliberately
>>> overload the GET verb.
>>> Hence the IANA-assigned "WebDAV source port" (9800) (which *we*
>>> requested) in order to disambiguate those requests.
>> Heh, nice.
That said, though: we know which port Zope is listening to for WebDAV.
Even if it's 80 or 81 or whatever, we should be able to detect a DAV
request by correlating the port on which the request was received with
the address of the <webdav> server in zope.conf. True, we probably also
allow DAV over the "http" port, but if that's a bit broken, I don't see
a huge problem telling people to use a dedicated port.
Do you see any problems with this?
>> Unfortuantely, there's no way to guarantee people will only use this port for
>> Zope's WebDAV server.
>> That said, the two problems (WebDAV requests result in a browserDefault
>> and folder contents) are not really an issue in everyday use for GET request.
>> They merely cause things to explode on PUT requests to a null resource. We
>> identify PUT requests, obviously.
> Strictly, PUT is not WebDAV-specific; however, it might be reasonable
> to apply the policy you are requesting for any PUT.
>> So any comments on my proposal to skip the browserDefault lookup and the
>> acquisition of resources for PUT/PROPFIND/PROPPATCH requests?
> +.5, I guess. I'd like to make sure that we aren't breaking some other
> use first.
I'll run the tests? :)
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -