[Zope-dev] Cookie Crumbler ignores HTTP HEAD?
Shane Hathaway
shane@zope.com
Wed, 23 Apr 2003 15:45:42 -0400
Brent M Hendricks wrote:
> I see in the code for CookieCrumbler.modifyRequest() that it disables
> cookies if the HTTP method is not GET, PUT, or POST. Specifically this
> means that it won't accepct cookie auth for HEAD requests. This is
> causing problems on my site for users with some browsers.
>
> Apparently some browsers (recent Mozillas, maybe others) send a HEAD
> request when the user right-clicks a link and selects "Save link target
> as" (presumably to gather information before starting the download). So
> any links that are restricted to authenticated users have the strange
> behavior that users can left-click and view the file directly, but if
> they right-click instead they get the Zope Basic auth dialog. Not at
> all the desired behavior :)
>
> Is there a particular reason why HEAD was omitted from the list in
> modifyRequest()?
No.
> Could it be added in?
Yes.
boolean-replies-only-y'rs, Shane