[Zope-dev] Zope 2 WebDAV and acquisition
Martin Aspeli
optilude+lists at gmail.com
Thu Oct 8 20:58:05 EDT 2009
Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Martin Aspeli wrote:
>> Tres Seaver <tseaver <at> palladion.com> writes:
>>
>>> There is no way to tell the difference between a WebDAV GET and a
>>> "normal" browser GET, period: the specs explicitly, deliberately
>>> overload the GET verb.
>>>
>>> Hence the IANA-assigned "WebDAV source port"[1] (9800) (which *we*
>>> requested) in order to disambiguate those requests.
>> Heh, nice.
That said, though: we know which port Zope is listening to for WebDAV.
Even if it's 80 or 81 or whatever, we should be able to detect a DAV
request by correlating the port on which the request was received with
the address of the <webdav> server in zope.conf. True, we probably also
allow DAV over the "http" port, but if that's a bit broken, I don't see
a huge problem telling people to use a dedicated port.
Do you see any problems with this?
>> Unfortuantely, there's no way to guarantee people will only use this port for
>> Zope's WebDAV server.
>>
>> That said, the two problems (WebDAV requests result in a browserDefault lookup,
>> and folder contents) are not really an issue in everyday use for GET request.
>> They merely cause things to explode on PUT requests to a null resource. We *can*
>> identify PUT requests, obviously.
>
> Strictly, PUT is not WebDAV-specific; however, it might be reasonable
> to apply the policy you are requesting for any PUT.
True.
>> So any comments on my proposal to skip the browserDefault lookup and the
>> acquisition of resources for PUT/PROPFIND/PROPPATCH requests?
>
> +.5, I guess. I'd like to make sure that we aren't breaking some other
> use first.
I'll run the tests? :)
Martin
--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
More information about the Zope-Dev
mailing list