[ZCM] [ZC] 1626/ 3 Resolve "PUT gives Forbidden when Unauthorized is expected by iCal, curl"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Thu Dec 16 23:39:36 EST 2004 

Issue #1626 Update (Resolve) "PUT gives Forbidden when Unauthorized is expected by iCal, curl"
 Status Resolved, Zope/bug+solution medium
To followup, visit:
  http://zope.org/Collectors/Zope/1626

==============================================================
= Resolve - Entry #3 by mcdonc on Dec 16, 2004 11:39 pm

 Status: Pending => Resolved

Resolving, checking fix into HEAD and 2.7 branch.
________________________________________
= Comment - Entry #2 by mcdonc on Dec 16, 2004 11:13 pm

I think we need to either change the code in CopySupport that raises a CopyError if _verifyObjectPaste fails or change this code to catch CopyError.  What a mess.
________________________________________
= Request - Entry #1 by Anonymous User on Dec 16, 2004 11:07 pm

I was trying to publish an iCal calendar to my Zope server.
iCal said "... forbidden...". TCPWatch showed Zope
giving a 403 Forbidden response, while a 401 Unauthorized
response is what prompts clients to supply credentials.

The symptoms are reproducible without iCal, though:

> % curl -i --upload-file /etc/motd http://127.0.0.1:10673/put_test/motd
> HTTP/1.1 401 Unauthorized

mcdonc helped me find what seems to be the problem. In
webdav/NullResource.py, we tried this change:

>        try:
>            parent._verifyObjectPaste(ob.__of__(parent), 0)
>        except Unauthorized:
>            raise
>        except:
>            #raise Forbidden, sys.exc_info()[1]
>            raise Unauthorized, sys.exc_info()[1]

and then it works as expected; we get 401, and iCal happily tries
again with the username/password.

for reference:

403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. 
<a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4">10.4.4</a>

401 ... The client MAY repeat the request with a suitable Authorization header field  <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">10.4.2</a>

==============================================================

More information about the Zope-Collector-Monitor mailing list