[Zope-CMF] CookieCrumbler/WebDAV bug
Shane Hathaway
shane@digicool.com
Thu, 17 May 2001 14:47:08 -0400
seb bacon wrote:
> Anyway, I've discovered what the problem is. When you try to access a
> member folder, cookiecrumbler takes over and tries to redirect you to
> the login page. The correct behaviour for webDAV clients should be to
> raise a basic auth challenge. Easy enough to fix, but I can't for the
> life of me work out how you can identify webDAV clients, server side.
> Usually you could tell because the HTTP method would be something
> other than GET or POST, but you can't rely on that. If anyone can
> tell me, I'll post a patch...

That's the kicker. You *can't* reliably identify a WebDAV client.
However, it seems to me that *some* clients would issue a PROPFIND
rather than a GET on the first connection, in which case the cookie
crumbler can be modified accordingly.

The only reliable workaround we have is to set the "auto_login" property
to a blank string (using the cookie crumbler management interface).
That way it won't try to redirect. That's how cmf.zope.org is set up.

Shane
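
Added example, not part of the original message and not CookieCrumbler's own code: a Python sketch of the decision discussed in this thread, showing why keying on the HTTP method only helps clients that open with PROPFIND, and why a blank auto_login avoids the redirect for everyone. The function name, the `came_from` parameter, the realm and the sample paths are assumptions made for illustration.

```python
from urllib.parse import quote

# Methods a browser sends for ordinary navigation, per the heuristic
# quoted in the thread ("something other than GET or POST").
BROWSER_METHODS = frozenset({"GET", "POST"})


def unauthorized_response(method, path, auto_login, realm="Zope"):
    """Return (status, headers) for a request that lacks credentials.

    Hypothetical helper: auto_login mirrors the property named in the
    thread; realm and the came_from parameter are constructed values.
    """
    challenge = (401, {"WWW-Authenticate": 'basic realm="%s"' % realm})

    # Workaround from the thread: a blank auto_login disables the
    # redirect, so every client gets a basic auth challenge.
    if not auto_login:
        return challenge

    # Heuristic from the thread: a non-browser method means the client
    # cannot follow a redirect to an HTML login form.
    if method.upper() not in BROWSER_METHODS:
        return challenge

    # Everything else is assumed to be a browser. A WebDAV client whose
    # first request is a GET lands here too, which is the unreliable case.
    location = "%s?came_from=%s" % (auto_login, quote(path, safe=""))
    return (302, {"Location": location})


if __name__ == "__main__":
    # Constructed sample requests: (method, path, auto_login)
    samples = [
        ("PROPFIND", "/Members/seb", "login_form"),
        ("GET", "/Members/seb", "login_form"),
        ("GET", "/Members/seb", ""),
    ]
    for method, path, auto_login in samples:
        print(method, repr(auto_login), unauthorized_response(method, path, auto_login))
```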