17 Jan
2003
17 Jan
'03
7:29 p.m.
Oliver Bleutgen wrote at 2003-1-17 18:02 +0100:
Dieter Maurer wrote:
You might use a "SiteAccess" access rule.
Dieter, thanks for the suggestion. But I don't see how SiteAccess could help me here, maybe I'm missing something.
Basically, what I want to do is to prevent zope from ever sending a unauthorized response to a clear text http request, In your AccessRule, you can customize the the "_unauthorized" method of the RESPONSE object.
The AccessRule must be implemented in an External Method in order to be able to change "RESPONSE._unauthorized". You can look at Cookie Crumbler. It uses a similar technique to prevent an Unauthorized response and rather display its login form. Dieter