On 2007-09-15 17:35:20 +0200, "Roger Ineichen" <[EMAIL PROTECTED]> said:
Betreff: [Zope3-dev] Re: skin support for xmlrpc
On 2007-09-14 18:54:01 +0200, "Fred Drake" <[EMAIL PROTECTED]> said:
On 9/14/07, Roger Ineichen <[EMAIL PROTECTED]> wrote:
If you register views for a base request type, you
probably will open
a backdor in other projects. Because
I'm not advocating registering views for the base request types
generally, but only the way to specify in the URL what the request
type is. Because sometimes we really do want completely
of XML-RPC (or whatever) interfaces.
Ok, then I suggest:
* Provide an IRequestType interface in zope.publisher
* Provide an ++api++ traverser in zope.traversing which does
* define class IBrowserSkinType(IRequestType)
* Leave ++skin++ for IBrowserSkinType or just make it the
same as ++api++
* Keep layer="" on <xmlrpc:view>, <browser:page> etc.
If I understand the concept correct. This is a builtin backdoor.
Doesn't this allow to bypass the Apache rewrite rule?
If the rewrite rule in Apache is:
Or does the ++api++ namespace recognize the skin?
Which means the url rewritten url is.
A way to avoid this is to allow applying a skin / request type only once.
Zope3-dev mailing list