Tres Seaver wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Martin Aspeli wrote:
Tres Seaver <tseaver <at> palladion.com> writes:
There is no way to tell the difference between a WebDAV GET and a "normal" browser GET, period: the specs explicitly, deliberately overload the GET verb.
Hence the IANA-assigned "WebDAV source port"[1] (9800) (which *we* requested) in order to disambiguate those requests. Heh, nice.
That said, though: we know which port Zope is listening to for WebDAV. Even if it's 80 or 81 or whatever, we should be able to detect a DAV request by correlating the port on which the request was received with the address of the <webdav> server in zope.conf. True, we probably also allow DAV over the "http" port, but if that's a bit broken, I don't see a huge problem telling people to use a dedicated port. Do you see any problems with this?
Unfortuantely, there's no way to guarantee people will only use this port for Zope's WebDAV server.
That said, the two problems (WebDAV requests result in a browserDefault lookup, and folder contents) are not really an issue in everyday use for GET request. They merely cause things to explode on PUT requests to a null resource. We *can* identify PUT requests, obviously.
Strictly, PUT is not WebDAV-specific; however, it might be reasonable to apply the policy you are requesting for any PUT.
True.
So any comments on my proposal to skip the browserDefault lookup and the acquisition of resources for PUT/PROPFIND/PROPPATCH requests?
+.5, I guess. I'd like to make sure that we aren't breaking some other use first.
I'll run the tests? :) Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book