FW: [Zope-CMF] Publishing CMF Objects with ZPublisher.Client

Tres Seaver tseaver@palladion.com
Mon, 14 Jan 2002 14:32:03 -0500


Doyon, Jean-Francois wrote:

> Hello,
> 
> OK, I've figured out what the problem is, but have no idea WHY.
> 
> It looks like that 302 error occurs because Zope is redirecting the client
> agent to the login form!
> 
> What I don't understand is why, since proper credentials were provided.
> 
> I tried writing a "load_site" using urllib2, and also in Perl, and I allways
> end up with the same problem: redirected to the login page!
> 
> Does anybody know why this wouldn't work from urllib2 or LWP::UserAgent, but
> works fine in the web browser?  I'm wondering if it might have something to
> do with HTTP/1.0 versus 1.1 ... Or does POSTing handle Auth differently?
> 
> Any help would be greatly appreciated!

Correct implementations of HTTP Basic Auth treat it as a "challenge-response"
protocol;  until the server challenges, the client is not supposed to send
credentials.

The CMF's CookieCrumbler can interfere with such clients, as it intercepts
Unauthorized errors and redirects to the login form.  We have added code
to the CookieCrumbler to work around this problem for WebDAV and FTP, but
hadn't noticed that it was blocking XML-RPC until now.

To work around the problem, delete the 'Auto login form' entry from the
CookieCrumbler's properties form.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com