• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item4929: need to work out howto deal with access denied error in rest

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal Confirmed TWiki:Main.SvenDowideit minor 4.2.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

right now I made it return 401, with the assumption that we cna find a way to send an auth header, but the more i contemplate the reality of this, the more I think it'll have to be changed to 403 or 404 (404 would be more secure, as its not confirming or denying the existance of the resource)

TWiki:Main/SvenDowideit - 05 Nov 2007

I think 401 is right. 403 suggests that the request is totally forbidden, so if definitely wrong. 404 is the HTTP equivalent of sticking your fingers in your ears and singing la la la I can't heeeeaaaar you, and really isn't a sensible response to a well-formed request.

We really ought to make it easier for a REST function to return a sensible status code. At the moment you have to generate your own headers (I use modifyHeaderHandler) to return a status frown

-- TWiki:Main.CrawfordCurrie - 05 Nov 2007

I really don't think this is Urgent. We can code handlers to return status codes, and it's a matter of convention that they obey the HTTP standards. I think it's the subject for individual plugins to "do it properly". I can't see any reason why we should block 4.2.0 because of it (happy to be convinced otherwise)

Dropping to Normal.

CC

the problem is that 401 must send an auth request to the browser - so if we stick with 401, we still have work todo.

-- TWiki:Main.SvenDowideit - 15 Nov 2007

I am not certain, but I think Item5548 http://develop.twiki.org/~twiki4/cgi-bin/view/Bugs/Item5548 is a result of this issue not blocking 4.2...

-- TWiki:Main.GavinMcDonald - 25 Apr 2008

I don't think so. I only use the REST handlers from WysiwygPlugin and they never raise access control violations; they have no need to, because all the information is provided to them in the POST request.

-- TWiki:Main.CrawfordCurrie - 25 Apr 2008

ItemTemplate
Summary need to work out howto deal with access denied error in rest
ReportedBy TWiki:Main.SvenDowideit
Codebase ~twiki4, 4.2.0
SVN Range TWiki-4.3.0, Fri, 12 Oct 2007, build 15261
AppliesTo Engine
Component

Priority Normal
CurrentState Confirmed
WaitingFor TWiki:Main.SvenDowideit
Checkins

TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2011-08-22 - PeterThoeny
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback