• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item6023: REST handlers give error instead of redirecting to login topic
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Normal | New | n/a |
Edit Form Data
Detail
REST handlers do not behave the same way as scripts with respect to authentication. When I try to do something in a script that requires authentication, then the script can redirect to authentication page (if template login is selected) or use other authentication.
However, in a REST handler it appears that we need to be authenticated to execute the REST handler, and we immediately get an error if that is not the case.
I am not sure whether that has to be this way, but it is not good. We are giving users browser errors, where we should ask them to login/register.
I consider this a serious problem, in particular as we seem to drive towards replacing some scripts by REST handlers.
-- TWiki:Main/ThomasWeigert
- 26 Sep 2008
That's exactly how RESTful behavior should be, though. Anything else is a violation of HTTP standards, which are important to REST.
I'd actually be happier if TWiki returned a proper 404 on nonexistent pages instead of the "200 Yeah We Don't Have That But Here's A Form To Create It" it now returns, which gives Googlebot and friends the wrong impression.
-- TWiki:Main.KarenCravens - 26 Sep 2008
True.
It should be possible to have authorized and unauthorzied access to a REST handler. But in either cases the handler should respond with proper http codes.
I only expect machines to call REST handlrers, not humans. If a user gets a browser error page, thats a problem of the application calling the handler.
-- TWiki:Main.OliverKrueger - 26 Sep 2008
The difficulty is that people have started using REST handlers where in the past we would have had scripts, such as putting them as the actions that get invoked when when executing a form, for example, or clicking a button. There has been some rumour that we are supposed to rewrite all scripts as REST.
But the current system works so that scripts can authenticate after being invoked. I cannot quite imagine how you could authenticate before you call REST when the REST call is on a form, for example, unless we ensure that a user is always logged in.
-- ThomasWeigert - 28 Sep 2008
- 26 Sep 2008
That's exactly how RESTful behavior should be, though. Anything else is a violation of HTTP standards, which are important to REST.
I'd actually be happier if TWiki returned a proper 404 on nonexistent pages instead of the "200 Yeah We Don't Have That But Here's A Form To Create It" it now returns, which gives Googlebot and friends the wrong impression.
-- TWiki:Main.KarenCravens - 26 Sep 2008
True.
It should be possible to have authorized and unauthorzied access to a REST handler. But in either cases the handler should respond with proper http codes.
I only expect machines to call REST handlrers, not humans. If a user gets a browser error page, thats a problem of the application calling the handler.
-- TWiki:Main.OliverKrueger - 26 Sep 2008
The difficulty is that people have started using REST handlers where in the past we would have had scripts, such as putting them as the actions that get invoked when when executing a form, for example, or clicking a button. There has been some rumour that we are supposed to rewrite all scripts as REST.
But the current system works so that scripts can authenticate after being invoked. I cannot quite imagine how you could authenticate before you call REST when the REST call is on a form, for example, unless we ensure that a user is always logged in.
-- ThomasWeigert - 28 Sep 2008
| ItemTemplate | |
|---|---|
| Summary | REST handlers give error instead of redirecting to login topic |
| ReportedBy |
TWiki:Main.ThomasWeigert
|
| Codebase | 4.2.0, 4.2.1, 4.2.2 |
| SVN Range | TWiki-5.0.0, Tue, 23 Sep 2008, build 17539 |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | New |
| WaitingFor | |
| Checkins | |
| TargetRelease | n/a |
| ReleasedIn | |
Topic revision: r4 - 2008-09-28 - ThomasWeigert
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback