[Zope] Stupid Bug

Oliver Bleutgen myzope@gmx.net
Mon, 14 Oct 2002 11:55:44 +0200 

Rares Vernica wrote:
> 
> Yes, I think you are right with: "higher up in the tree structure of the 
> site" but this is not form IE, it don't works in Netscape 4.75 or 7.0 
> neither and so... I think the bug is from Zope, don't you think so?! or 
> where is the mistake (I understand the facts but ".../StupidBug" and 
> ".../StupidBug/" points to the same page).
> 
Technically, they don't point to the same page.
That's why apache sends a redirect in some cases:
Go to
www.example.com/somefolder
and you'll get a redirect to
www.example.com/somefolder/

Because .../somefolder the URI of a file, while .../somefolder/ is the 
folder. For a folder, Apache is configured per default to look for an 
index.htm(l) document and send it's contents.

This doesn't happen if you go to

www.example.com/somefile

where somefile is a real file on the filesystem.

Now zope doesn't do that, because zope's objects can be much more 
complex than the normal directory/file structure of a filesystem.

In Zope, Folders (folderish objects -> objects which can contain other 
objects) can be callable by themselves (i.e. renderable). Either if 
there's an object called index_html in them, or, when doing python 
programming, if the folderish class has a method called __call__().

Ultimately, in this case it's up to the browser to decide when to send 
authorization information, and there is nothing zope can do about that.

So, the browser looks at the url and says:

"Ok, I _did_ send the authorization information to 
www.example.com/StupidBug/manage, but now www.example.com/StupidBug also 
wants authorization, because I got a request from the server to send it. 
But since /StupidBug is above in the hierachy compared to 
/StupidBug/manage, I won't send this authorization information. I'll 
better ask the user" -  and the login box pops up.

The only thing zope could do would be to redirect
www.example.com/StupidBug to www.example.com/StupidBug/ , like apache 
does. I don't remember them right now, but there were some convincing 
arguments for not doing that by default, maybe someone else can fill in.

cheers,
oliver