[Zope-dev] Zope 2 WebDAV and acquisition

Martin Aspeli optilude+lists at gmail.com
Thu Oct 8 20:58:05 EDT 2009


Tres Seaver wrote:
> Martin Aspeli wrote:
>> Tres Seaver <tseaver <at> palladion.com> writes:
>>
>>> There is no way to tell the difference between a WebDAV GET and a
>>> "normal" browser GET, period:  the specs explicitly, deliberately
>>> overload the GET verb.
>>>
>>> Hence the IANA-assigned "WebDAV source port"[1] (9800) (which *we*
>>> requested) in order to disambiguate those requests.
>> Heh, nice.

That said, though: we know which port Zope is listening to for WebDAV. 
Even if it's 80 or 81 or whatever, we should be able to detect a DAV 
request by correlating the port on which the request was received with 
the address of the <webdav> server in zope.conf. True, we probably also 
allow DAV over the "http" port, but if that's a bit broken, I don't see 
a huge problem telling people to use a dedicated port.

Do you see any problems with this?

>> Unfortunately, there's no way to guarantee people will only use this port for
>> Zope's WebDAV server.
>>
>> That said, the two problems (WebDAV requests result in a browserDefault lookup,
>> and folder contents) are not really an issue in everyday use for GET requests.
>> They merely cause things to explode on PUT requests to a null resource. We *can*
>> identify PUT requests, obviously.
> 
> Strictly, PUT is not WebDAV-specific;  however, it might be reasonable
> to apply the policy you are requesting for any PUT.

True.

>> So any comments on my proposal to skip the browserDefault lookup and the
>> acquisition of resources for PUT/PROPFIND/PROPPATCH requests?
> 
> +.5, I guess.  I'd like to make sure that we aren't breaking some other
> use first.

I'll run the tests? :)

Martin

-- 
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
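
The port-correlation idea and the PUT/PROPFIND/PROPPATCH proposal discussed in this message, as an added sketch that is not part of the original post and is not Zope code. It assumes the listeners are declared in `<http-server>` and `<webdav-source-server>` sections of zope.conf; `listener_ports` and `skip_browser_default` are hypothetical helper names, and the configuration text is constructed sample input.

```python
import re

# Constructed zope.conf fragment (sample input, not taken from the thread).
SAMPLE_ZOPE_CONF = """
<http-server>
  address 8080
</http-server>
<webdav-source-server>
  address 127.0.0.1:9800
</webdav-source-server>
"""

# Methods named in the thread's proposal.
PROPOSAL_METHODS = {"PUT", "PROPFIND", "PROPPATCH"}

SECTION_RE = re.compile(r"<(http-server|webdav-source-server)>(.*?)</\1>", re.S)
ADDRESS_RE = re.compile(r"^\s*address\s+(\S+)\s*$", re.M)


def listener_ports(conf_text):
    """Return {section name: set of ports} for the server sections found."""
    ports = {"http-server": set(), "webdav-source-server": set()}
    for name, body in SECTION_RE.findall(conf_text):
        match = ADDRESS_RE.search(body)
        if match:
            # The address value is either "port" or "host:port".
            ports[name].add(int(match.group(1).rsplit(":", 1)[-1]))
    return ports


def skip_browser_default(method, received_port, ports):
    """Hypothetical policy: True when the request should bypass the
    browserDefault lookup and acquisition of resources."""
    method = method.upper()
    if method in PROPOSAL_METHODS:
        return True  # identifiable on any port, as the thread notes for PUT
    # A GET is only distinguishable on a port dedicated to WebDAV; a port
    # shared with the plain HTTP listener stays ambiguous and is not skipped.
    dav_only = ports["webdav-source-server"] - ports["http-server"]
    return method == "GET" and received_port in dav_only
```

A port configured for both listeners is treated as an ordinary browser port here, which matches the suggestion above to tell people to use a dedicated port.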


