Someone should put the issue in the collector - any volunteers? :-) seb * Dominique.Dutoit@cec.eu.int <Dominique.Dutoit@cec.eu.int> [010904 12:58]:
"Maybe it is time to patch Zope so that it is RFC standards conformant ??"
I've posted a small patch on the list yesterday (http://lists.zope.org/pipermail/zope/2001-September/098965.html). manage_workspace verifies the roles against an Anonymous user and thus, it doesn't challenge the browser. The only method I found is to force manage_workspace to verify against an Authenticated user and the problem is gone. I think that it make sense to check the roles of the Authenticated user because by definition, the user must be authenticated to access the ZMI. But on the other hand, I don't know if I've done something wrong.