Hi Safari 4.0.2 fails to send an Authorization header to the server when the user is authenticated via basic authentication. This results in all sorts of permission problems. I realise this is not a Zope problem but perhaps I can hack some temporary solution server-side to convince Safari to play along. Header examples: Firefox: -------- 'GET /sweet HTTP/1.1\r\n Host: 192.168.1.75:23190\r\n User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 300\r\n Connection: keep-alive\r\n Cookie: tree-s="eJzT0MgpMOQKVneEA1dbda4CI67EkgJjLj0AeGcHew"\r\n Authorization: Basic YWRtaW46bG9jYWw=\r\n Cache-Control: max-age=0' Safari: ------- 'GET /sweet HTTP/1.1\r\n Host: 192.168.1.75:23190\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\r\n Referer: http://192.168.1.75:23190/sweet/pt_editForm\r\n Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n Accept-Language: en-US\r\n Accept-Encoding: gzip, deflate\r\n Cache-Control: max-age=0\r\n Cookie: __utma=91023834.1699497027.1250064893.1250064893.1250064893.1; __utmb=91023834; __utmc=91023834; __utmz=91023834.1250064893.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); tree-s="eJzTyCkw5NLIKTDiClZ3hANXW3WuAmOuxEQ9AIOOB9Q"\r\n Connection: keep-alive' This thread also discusses the issue: http://plope.com/Members/chrism/safari_3_discards_basic_auth It is fairly simple to replicate - add a Page Template to the root which displays request/AUTHENTICATED_USER and navigate to it (while logged in) with the respective browsers. Hedley