
Re: [cgiapp] how to set 403 status code with CGI::App?


Hi Mike,

The Apache::Auth modules work at the Apache Authentication level and before
the response level.  You are trying to send an Auth response from the Response
phase of the Apache lifecycle.

O'Reilly's Writing Apache Modules with Perl and C is an excellent resource.

Apache lifecycle

HTTP Request

URI Translation
Header Parsing
(Should be sending 403 at one of the following 3 stages)
Access Control (Are we open for business)
Authentication (Who is it)
Authorization (Are they allowed)

MIME type checking
fixup
Response (You are sending 403 here)
Logging
Cleanup

Hope that helps
Mike
----- Original Message -----
From: "Mike Carlton" <suppressed>
To: "John Walker" <suppressed>
Cc: "'Michael Cameron'" <suppressed>;
<suppressed>
Sent: Wednesday, October 02, 2002 4:16 PM
Subject: RE: [cgiapp] how to set 403 status code with CGI::App?


>
> The 403 approach is used by Apache::AuthCookie (unless I'm
> mis-interpreting what I saw in traces).
>
> The drawback with just switching run modes is that you'll return status
> 200 and the browser (and other devices) will cache your login page as the
> contents of 'private'.  Maybe this doesn't matter (it will be reloaded
> soon, we could set a no-cache header, expire it immediately, ...)
> I'm assuming that is the reason the Apache::AuthCookie modules send 403.
>
> If I remember correctly, the NYTimes site does a bunch of redirects (302)
> -- redirecting you to their login page and then redirecting again to the
> original destination.  After giving it some more thought, maybe this makes
> more sense than 403 (and seems much less likely to cause these kinds of
> problems).
>
> --Mike
>
>
> On Wed, 2 Oct 2002, John Walker wrote:
>
> > Why are you trying to set a 403?
> >
> > Can't you just change the value of run mode and continue?
> >
> > > sub cgiapp_prerun
> > > {
> > >           my ($self, $runmode) = @_;
> > >
> > >           if ($runmode eq 'private' && $needs_auth) {
> > >                   $runmode = 'login';
> > >                   $self->prerun_mode($runmode);
> > >           }
> > > }
> > >
> > > 1;
> >
> > REMOVE THESE:
> >
> > >                   $self->header_type('header');
> > >                   $self->header_props(-status=>'403 Forbidden');
> >
> > In this case I do not think 'login' really has nothing to do with HTTPD 403
> > in this case, it's just the name of a subroutine in your module.
> >
> > John
> >
>
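
An added example, not code from this thread or from Apache::AuthCookie: a mod_perl 1.x access-phase handler that returns 403 before the Response phase, which is where the lifecycle list in the reply says the denial belongs. The module name, the `/login` URI, the cookie format and the secret are assumptions made for illustration.

```perl
package My::SessionGate;    # hypothetical module name
use strict;
use warnings;
use Apache::Constants qw(OK FORBIDDEN);    # mod_perl 1.x API (assumed)
use Digest::SHA qw(hmac_sha256_hex);

# httpd.conf (assumed layout; /login must sit outside the protected area):
#   <Location /private>
#       PerlAccessHandler My::SessionGate
#   </Location>

# Constructed placeholder; load the real secret from protected configuration.
my $SECRET = 'REPLACE-WITH-SERVER-SIDE-SECRET';

# Cookie format assumed for this example: session=<user>:<expiry-epoch>:<hmac>
sub valid_session {
    my ($cookie_header, $now) = @_;
    my ($user, $exp, $mac) = ($cookie_header || '')
        =~ /(?:^|;\s*)session=([\w.-]+):(\d+):([0-9a-f]{64})(?:;|$)/
        or return;
    return if $exp < $now;                       # expired session
    my $want = hmac_sha256_hex("$user:$exp", $SECRET);
    # Compare every character so a mismatch does not exit early.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return $diff == 0 ? $user : undef;
}

sub handler {
    my $r = shift;
    my $user = valid_session($r->header_in('Cookie'), time);
    if (defined $user) {
        $r->connection->user($user);    # identity for later phases and logs
        return OK;                      # request continues to the Response phase
    }
    # Denied here, so the content handler (the CGI::Application script) never runs.
    $r->custom_response(FORBIDDEN, '/login');            # hypothetical login URI
    $r->err_header_out('Cache-Control' => 'no-store');   # keep the 403 body out of caches
    $r->log_reason('missing or invalid session cookie', $r->uri);
    return FORBIDDEN;
}

1;
```

Because `/login` is a local URI, Apache serves it as the body of the 403 rather than redirecting, so the login page is not stored as the contents of the protected URL under a 200 status.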

