[prev in list] [next in list] [prev in thread] [next in thread]
List: dav-dev
Subject: [dav-dev] Web Folders and codes 401, 403
From: Andrew Fuqua <afuqua () austin ! apc ! slb ! com>
Date: 2000-08-01 22:59:16
[Download RAW message or body]
Hi there -
This message is more about Web Folders than mod_dav, but I thought
someone could shed some light on the problem.
I have recently been experiencing some curious behavior from Web
Folders. In short I believe that Web Folders is not interpreting
correctly the HTTP response codes 401 and 403 under all circumstances.
What's happening from the user's point of view is that Web Folders fails
to respond with a username/password entry dialog box in certain
instances (more details in a bit). Similarly, I have not been able to
make Web Folders display a nice "Access Forbidden" error message when
Apache responds with code 403.
I discovered this problem when using the <Limit> directive to password
protect (with AuthType Basic, require valid-user, etc.) the GET, PUT,
PROPPATCH, MKCOL, and some other commands. (For this particular
project, we need to have anonymous viewing of files). So Apache is
configured to allow anonymous views (PROPFINDS) but not anonymous reads
or writes on the files' or collections' contents. Here's the pertinent
excerpt from the .htaccess file in the dav directory.
<Limit GET PUT DELETE COPY MKCOL LOCK UNLOCK PROPPATCH MOVE POST>
Require valid-user
</Limit>
So here's a scenario / how to reproduce this problem. I open up a web
folder and see all the icons of files and folders. PROPFIND is working
great. I drag a file from the Web Folder to the desktop, get a login
box, fill in user and pass, and the file copies to my desktop. I'm then
(once I have logged in) able to put files from the desktop into the Web
Folder. All seems ok, but....
After logging out of windows 98 to make web folders "forget" my
password, I opened the same web folder. BEFORE getting a file, I
dragged a file from the desktop to the web folder. Meanwhile a tail -f
on the access_log showed that Apache had responded to Web Folder's HEAD
request with a 401, which makes sense. But web folders simply chooses
to say that an error occurred rather than presenting the user with a
login box. Is it wishful thinking to expect Web Folders to pop up a
dialog box for l/p entry at this point? Legitimate problem or not?
On a similar note (I won't be as long-winded this time ;), I'm pretty
displeased with the way I have seen Web Folders handle 403 response
codes. It displays a dialog box that says only "an error occurred."
Nothing more to help the user understand why the server was unable to
complete a request. How can Web Folders become more verbose and
descriptive with error messages?
One last thing. I have tested the Apache 1.3.12 / mod_dav 1.0.1
configuration with DAVExplorer and the configuration works. I see
password dialog boxes and "Access Forbidden" messages at appropriate
times.
Please let me know if you guys have run in to similar problems or come
up with some good work-arounds.
Thanks,
Andrew
_______________________________________________
dav-dev maillist - dav-dev@lyra.org
http://dav.lyra.org/mailman/listinfo/dav-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic