• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6023: REST handlers give error instead of redirecting to login topic

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal New   n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


REST handlers do not behave the same way as scripts with respect to authentication. When I try to do something in a script that requires authentication, then the script can redirect to authentication page (if template login is selected) or use other authentication.

However, in a REST handler it appears that we need to be authenticated to execute the REST handler, and we immediately get an error if that is not the case.

I am not sure whether that has to be this way, but it is not good. We are giving users browser errors, where we should ask them to login/register.

I consider this a serious problem, in particular as we seem to drive towards replacing some scripts by REST handlers.

-- TWiki:Main/ThomasWeigert - 26 Sep 2008

That's exactly how RESTful behavior should be, though. Anything else is a violation of HTTP standards, which are important to REST.

I'd actually be happier if TWiki returned a proper 404 on nonexistent pages instead of the "200 Yeah We Don't Have That But Here's A Form To Create It" it now returns, which gives Googlebot and friends the wrong impression.

-- TWiki:Main.KarenCravens - 26 Sep 2008


It should be possible to have authorized and unauthorzied access to a REST handler. But in either cases the handler should respond with proper http codes.

I only expect machines to call REST handlrers, not humans. If a user gets a browser error page, thats a problem of the application calling the handler.

-- TWiki:Main.OliverKrueger - 26 Sep 2008

The difficulty is that people have started using REST handlers where in the past we would have had scripts, such as putting them as the actions that get invoked when when executing a form, for example, or clicking a button. There has been some rumour that we are supposed to rewrite all scripts as REST.

But the current system works so that scripts can authenticate after being invoked. I cannot quite imagine how you could authenticate before you call REST when the REST call is on a form, for example, unless we ensure that a user is always logged in.

-- ThomasWeigert - 28 Sep 2008

Summary REST handlers give error instead of redirecting to login topic
ReportedBy TWiki:Main.ThomasWeigert
Codebase 4.2.0, 4.2.1, 4.2.2
SVN Range TWiki-5.0.0, Tue, 23 Sep 2008, build 17539
AppliesTo Engine

Priority Normal
CurrentState New


TargetRelease n/a

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r4 - 2008-09-28 - ThomasWeigert
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback