Jean-Michel Hiver wrote:
On Thu 27-Feb-2003 at 11:39:32AM -0000, Richard Clarke wrote:

I've never had any reason to do this so there might be a shortcut but I
think something along the lines of the following should work (As long as
your access/auth handler doesn't make use of $r->is_initial_req())

I've decided that the


return DECLINED if $r->is_initial_req;

bit is a bad idea. after a few hours debugging an authorization application, I realized that this does nothing but cause problems - if you DECLINE a subrequest then it's picked up by mod_auth which, if you're not configured for flat file auth (in addition to your custom auth), mod_auth will return AUTH_REQUIRED (or worse).

you may want to

return OK if $r->is_initial_req;

but DECLINED is almost certainly a bad idea.


use Apache::Constants qw(:common);
# resolve the URI as a subrequest and read the status its handlers returned
my $subr   = $r->lookup_uri('/new/request/?foo=bar');
my $status = $subr->status;
my $ok     = $status==AUTH_REQUIRED ? 0:1;

I'd change that to


my $ok = $status == HTTP_OK ? 1 : 0;

since there are lots of other things that can be thrown other than AUTH_REQUIRED - for instance FORBIDDEN from an access handler.

we talk about this in Recipe 3.15 in the Cookbook (which came up yesterday, so see the archives for where you can find it for free).



Wow! Thanks for the tip :)

Is there a way to tell Apache::SubRequest that you're doing a HEAD / GET
/ POST / PUT / etc? Authorization handlers might behave differently
depending on the HTTP method being used.

unfortunately, no - GET is hardcoded in Apache:


API_EXPORT(request_rec *) ap_sub_req_lookup_uri(const char *new_file,
                                                const request_rec *r)
{
    return ap_sub_req_method_uri("GET", new_file, r);
}

and by the time you get the subrequest object back, it's too late to call $sub->method('POST'). of course, theoretically GET and HEAD should be equivalent :) but I see your point. I guess there's no way around that in this case.

--Geoff
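
The difference between the two status checks discussed in this thread, as an added example that is not code from the posts: it runs both over a set of subrequest outcomes to show which ones the AUTH_REQUIRED-only test lets through. MockRequest, MockSubRequest, the two function names and the sample URIs are constructed stand-ins so the script runs without Apache; under mod_perl the same comparisons would be made on the object returned by $r->lookup_uri.

```perl
use strict;
use warnings;

# Apache 1.3 status numbers. Under mod_perl these come from Apache::Constants;
# they are redefined here only so the example runs without a server.
use constant {
    HTTP_OK => 200, AUTH_REQUIRED => 401, FORBIDDEN => 403, SERVER_ERROR => 500,
};

# Check as first posted: only AUTH_REQUIRED counts as a denial (fails open).
sub allowed_unless_401 {
    my ($r, $uri) = @_;
    return $r->lookup_uri($uri)->status == AUTH_REQUIRED ? 0 : 1;
}

# Check as suggested in the reply: only HTTP_OK counts as allowed (fails closed).
sub allowed_only_200 {
    my ($r, $uri) = @_;
    return $r->lookup_uri($uri)->status == HTTP_OK ? 1 : 0;
}

# Constructed stand-ins for $r and the subrequest object (hypothetical, not
# mod_perl classes): lookup_uri() returns an object carrying a canned status.
package MockSubRequest {
    sub new    { my ($class, $status) = @_; return bless { status => $status }, $class }
    sub status { return $_[0]{status} }
}
package MockRequest {
    sub new { my ($class, %status_for) = @_; return bless { %status_for }, $class }
    sub lookup_uri {
        my ($self, $uri) = @_;
        return MockSubRequest->new($self->{$uri} // 404);   # unknown URI: not found
    }
}

# Constructed sample: the status each URI's handler chain is assumed to return.
my $r = MockRequest->new(
    '/public/'  => HTTP_OK,        # every phase passed
    '/members/' => AUTH_REQUIRED,  # authentication/authorization refused
    '/admin/'   => FORBIDDEN,      # access handler refused
    '/broken/'  => SERVER_ERROR,   # a handler failed
);

for my $uri ('/public/', '/members/', '/admin/', '/broken/', '/missing/') {
    printf "%-10s unless-401=%d only-200=%d\n",
        $uri, allowed_unless_401($r, $uri), allowed_only_200($r, $uri);
}
```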




