On 4/20/10 15:17, yuppie wrote:
Hi!
Wichert Akkerman wrote:
Unauthorised is doing stupid things here:
(Pdb) p v
Unauthorized()
(Pdb) p unicode(v)
u''
(Pdb) p str(v)
*** UnicodeEncodeError: UnicodeEncodeError('ascii', u'<!DOCTYPE html...', 1175, 1176, 'ordinal not in range(128)')
I added an extra change (see diff below) to fix that, after which things seemed to work.
Great!
Can you commit that change along with your other changes?
Still, I can not see any good reason to reraise Unauthorised exceptions if there is a valid exception view for them. This approach feels like we are attacking the symptom instead of fixing the problem.
Zope 2.12.4 was definitely broken:
401 Unauthorized responses "MUST include a WWW-Authenticate header field", see http://tools.ietf.org/html/rfc2616#section-10.4.2
Hm, fair point.
Re-raising the exceptions makes sure the post-processing in HTTPResponse.exception is called. That is also expected by CookieCrumbler and PAS.
The authentication dance between the publisher, request, PAS and CookieCrumbler really is a bit contrived :(
A better fix would be to store the rendered exception value in the response object instead of the exception object. That way we could re-raise *all* exceptions as it was done in older Zope versions.
But this would have been a bigger refactoring with more risks to break something else.
Perhaps something for 2.13 :)

Wichert.