Hi, Right, I'm having fun'n'games with .xls files being served out of Zope 2.4.3 and accessed on computers with M$ Office 2000 installed. Basically, when you try and download the .xls file, you get an "Enter Network Password" dialog box. If you hit cancel, it usually opens okay but some users ahve reported machine crashes and the like. Now, through tweaking permissions, it appears the box is popping up 'cos Office 2000 is trying to: 1. open the doc via WebDAV rather than normal HTTP (how can make it not do this?!) 2. lock the file (ug! these files are anonymously accessible, surely they should not be lockable?!) Since Anonymous doesnt' have the WebDAV lock permission, it throws the dialog up. So, some questions: How can I make Office stop attempting to lock these resources? How many people can simultaneously holda WebDAV lock on a file? What permission controls whether or not they can edit the file? When do WebDAV locks go away? that'll do for starters... cheers, Chris PS: These files are supposed to be read-only, god knows why WebDAV is coming into play off a simple <a href=""> link :-(((
Hi!
1. open the doc via WebDAV rather than normal HTTP (how can make it not do this?!)
It seems that Office 2000 (I tested with Word 2000) does an "OPTIONS" request by default. I tried this with Zope and Apache. The "problem" is that Zope will respond with: HTTP/1.1 200 OK Server: Zope/(Zope 2.5.0b2 (binary release, python 2.1, linux2-x86), python 2.1.0, linux2) ZServer/1.1b1 Date: Tue, 15 Jan 2002 18:24:57 GMT DAV: 1,2 Ms-Author-Via: DAV Connection: close Date: Tue, 15 Jan 2002 18:24:57 GMT Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK Etag: Content-Length: 0 So now Word (or Excel) knows that Zope talks WebDAV and tries to LOCK. I guess the only way to stop this is telling Zope not to disclose the OPTIONS it has via the OPTIONS call. But that would break the HTTP 1.1 standard I guess. We seem to need an option for Zope to start an HTTP-only (now WebDAV) server for those purposes
2. lock the file (ug! these files are anonymously accessible, surely they should not be lockable?!)
The should not, by Anonymous. But sure they should by an authorized content editor ... (So Word's asking for a password makes sense, but it is a very stupid default behaviour)
Since Anonymous doesnt' have the WebDAV lock permission, it throws the dialog up.
Yep.
So, some questions:
How can I make Office stop attempting to lock these resources?
Not that I'd know. And even IF there was some hidden option to switch locking off, your average user will not have configured his Office suite correctly for your server. And the default seems to be "LOCK IT!"
How many people can simultaneously holda WebDAV lock on a file?
One I guess. But locking does not stop the file from being served, just from being PUT (submitted) by somebody else than the LOCK's owner.
What permission controls whether or not they can edit the file?
Look at all the WebDAV permissions. They are rather self-explaining (Access, Lock, Unlock, etc.)
When do WebDAV locks go away?
In Zope? I am not sure? Never? But you can release them manually here: http://zopeserver:8080/Control_Panel/DavLocks/manage_workspace Cheers Joachim
Yow, that's no good. I serve up quite a few Excell spreadsheets myself, and quite by accident I got around this behavior by fronting Zope with Apache on port 80 and use ZServer on port 9673 (Debian's default Zope port). If I want WebDAV to kick in I simply point the client at the correct port. Since it is easy to include the port number in the URL this hack neatly fixes the problem. Jason "Joachim Werner" <joe@iuveno-net.de> writes:
Hi!
1. open the doc via WebDAV rather than normal HTTP (how can make it not do this?!)
It seems that Office 2000 (I tested with Word 2000) does an "OPTIONS" request by default. I tried this with Zope and Apache. The "problem" is that Zope will respond with:
HTTP/1.1 200 OK Server: Zope/(Zope 2.5.0b2 (binary release, python 2.1, linux2-x86), python 2.1.0, linux2) ZServer/1.1b1 Date: Tue, 15 Jan 2002 18:24:57 GMT DAV: 1,2 Ms-Author-Via: DAV Connection: close Date: Tue, 15 Jan 2002 18:24:57 GMT Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK Etag: Content-Length: 0
So now Word (or Excel) knows that Zope talks WebDAV and tries to LOCK.
I guess the only way to stop this is telling Zope not to disclose the OPTIONS it has via the OPTIONS call. But that would break the HTTP 1.1 standard I guess.
We seem to need an option for Zope to start an HTTP-only (now WebDAV) server for those purposes
2. lock the file (ug! these files are anonymously accessible, surely they should not be lockable?!)
The should not, by Anonymous. But sure they should by an authorized content editor ... (So Word's asking for a password makes sense, but it is a very stupid default behaviour)
Since Anonymous doesnt' have the WebDAV lock permission, it throws the dialog up.
Yep.
So, some questions:
How can I make Office stop attempting to lock these resources?
Not that I'd know. And even IF there was some hidden option to switch locking off, your average user will not have configured his Office suite correctly for your server. And the default seems to be "LOCK IT!"
How many people can simultaneously holda WebDAV lock on a file?
One I guess. But locking does not stop the file from being served, just from being PUT (submitted) by somebody else than the LOCK's owner.
What permission controls whether or not they can edit the file?
Look at all the WebDAV permissions. They are rather self-explaining (Access, Lock, Unlock, etc.)
When do WebDAV locks go away?
In Zope? I am not sure? Never? But you can release them manually here: http://zopeserver:8080/Control_Panel/DavLocks/manage_workspace
Cheers
Joachim
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Jason Earl wrote:
Yow, that's no good. I serve up quite a few Excell spreadsheets myself, and quite by accident I got around this behavior by fronting Zope with Apache on port 80 and use ZServer on port 9673 (Debian's default Zope port).
Hang on, I front Zope with Apache too. How do you use Apache? mod_proxy? If so, how do you get it to filter out WebDAV traffic?
If I want WebDAV to kick in I simply point the client at the correct port. Since it is easy to include the port number in the URL this hack neatly fixes the problem.
That's a good idea. It does make me wonder if Zope should actually answer WebDAV REQUEST's on it's HTTP port in any case. I think it probably should... cheers, Chris
Hi! I also tested Zope behind Apache. An unaltered Proxy Pass directive should also pass the WebDAV traffic unchanged. It does so for me, and apparently also for you, Chris. But I am rather sure that Apache can be configured to return a limited "OPTIONS" list. Just don't know how. What did you do, Jason?
If I want WebDAV to kick in I simply point the client at the correct port. Since it is easy to include the port number in the URL this hack neatly fixes the problem.
That's a good idea. It does make me wonder if Zope should actually answer WebDAV REQUEST's on it's HTTP port in any case. I think it probably should...
First of all: Pointing directly to a non-80 port is not that good. People who are working from behind a corporate firewall will not be able to get the files. But of course one can get around that by simply setting up another Proxy Pass rule, so that, just as an example, http://www.myserver.com/file.doc will be served HTTP and http://dav.myserver.com/file.doc will be served with WebDAV options enabled. In terms of mere standards compatibility, Zope is right. WebDAV SHOULD work as an extension to a normal HTTP server, on the same port and such. The OPTIONS request is meant to be the means for the client to find out whether the server speaks WebDAV. But in real life, we'll probably have to accept that MS does it wrong. I guess that adding an option for a WebDAV-free HTTP port to Zope will be the best fix, so that one can either use the "combined" port (which is the current default), the already existing WebDAV port that serves objects always as sources (i.e. unrendered), and a "pure-HTTP" (or should we call it "MS-compatibility") port. If the same effect can also be reached with Apache/ProxyPass, that would be an option for most people, too. Joachim
participants (3)
-
Chris Withers -
Jason Earl -
Joachim Werner