Log message for revision 76767: - DAV: compatibility with Windows Web Folders restored by adding a configuration variable that controls the sending of the non-standard MS-Author-Via and Public headers. Thanks for PatrickD for the the hard work coming up with an initial patch. (http://zope.org/Collectors/Zope/1441)
Changed: U Zope/trunk/doc/CHANGES.txt U Zope/trunk/lib/python/Zope2/Startup/handlers.py U Zope/trunk/lib/python/Zope2/Startup/tests/test_schema.py U Zope/trunk/lib/python/Zope2/Startup/zopeschema.xml U Zope/trunk/lib/python/webdav/Resource.py U Zope/trunk/lib/python/webdav/__init__.py U Zope/trunk/lib/python/webdav/tests/testResource.py U Zope/trunk/skel/etc/zope.conf.in -=- Modified: Zope/trunk/doc/CHANGES.txt =================================================================== --- Zope/trunk/doc/CHANGES.txt 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/doc/CHANGES.txt 2007-06-18 16:04:25 UTC (rev 76767) @@ -97,6 +97,13 @@ Bugs Fixed + - Collector #1441: WebDAV compatibility with Windows Web Folders + restored by adding a configuration variable that controls the + sending of the non-standard MS-Author-Via and Public + headers. Thanks for PatrickD for the the hard work coming up + with an initial patch. + (http://zope.org/Collectors/Zope/1441) + - DAV: litmus "notowner_modify" tests warn during a MOVE request because we returned "412 Precondition Failed" instead of "423 Locked" when the resource attempting to be moved was itself @@ -118,13 +125,14 @@ for further rationale. - When Zope properties were set via DAV in the "null" namespace - (xmlns="") a subsequent PROPFIND for the property would cause the - XML representation for that property to show a namespace of + (xmlns="") a subsequent PROPFIND for the property would cause the + XML representation for that property to show a namespace of xmlns="None". Fixed within OFS.PropertySheets.dav__propstat. - Relaxed requirements for context of Products.Five.browser.pagetemplatefile.ZopeTwoPageTemplateFile, - to reduce barriers for testing renderability of views which use them. + to reduce barriers for testing renderability of views which + use them. (http://www.zope.org/Collectors/Zope/2327) - Collector #2304: fixed markup issue in ptEdit.zpt @@ -1296,7 +1304,8 @@ x86_64 systems - ZReST: the charset used in the rendered HTML was not set to the - corresponding output_encoding property of the ZReST instance. In addition + corresponding output_encoding property of the ZReST instance. In +addition changing the encodings through the Properties tab did not re-render the HTML. Modified: Zope/trunk/lib/python/Zope2/Startup/handlers.py =================================================================== --- Zope/trunk/lib/python/Zope2/Startup/handlers.py 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/Zope2/Startup/handlers.py 2007-06-18 16:04:25 UTC (rev 76767) @@ -150,6 +150,14 @@ def http_header_max_length(value): return value +def enable_ms_author_via(value): + import webdav + webdav.enable_ms_author_via = value + +def enable_ms_public_header(value): + import webdav + webdav.enable_ms_public_header = value + def catalog_getObject_raises(value): if value is not None: Modified: Zope/trunk/lib/python/Zope2/Startup/tests/test_schema.py =================================================================== --- Zope/trunk/lib/python/Zope2/Startup/tests/test_schema.py 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/Zope2/Startup/tests/test_schema.py 2007-06-18 16:04:25 UTC (rev 76767) @@ -95,6 +95,50 @@ items.sort() self.assertEqual(items, [("FEARFACTORY", "rocks"), ("NSYNC","doesnt")]) + def test_ms_author_via(self): + import webdav + from Zope2.Startup.handlers import handleConfig + + default_setting = webdav.enable_ms_author_via + try: + conf, handler = self.load_config_text("""\ + instancehome <<INSTANCE_HOME>> + enable-ms-author-via true + """) + handleConfig(None, handler) + self.assert_(webdav.enable_ms_author_via == True) + + conf, handler = self.load_config_text("""\ + instancehome <<INSTANCE_HOME>> + enable-ms-author-via false + """) + handleConfig(None, handler) + self.assert_(webdav.enable_ms_author_via == False) + finally: + webdav.enable_ms_author_via = default_setting + + def test_ms_public_header(self): + import webdav + from Zope2.Startup.handlers import handleConfig + + default_setting = webdav.enable_ms_public_header + try: + conf, handler = self.load_config_text("""\ + instancehome <<INSTANCE_HOME>> + enable-ms-public-header true + """) + handleConfig(None, handler) + self.assert_(webdav.enable_ms_public_header == True) + + conf, handler = self.load_config_text("""\ + instancehome <<INSTANCE_HOME>> + enable-ms-public-header false + """) + handleConfig(None, handler) + self.assert_(webdav.enable_ms_public_header == False) + finally: + webdav.enable_ms_public_header = default_setting + def test_path(self): p1 = tempfile.mktemp() p2 = tempfile.mktemp() Modified: Zope/trunk/lib/python/Zope2/Startup/zopeschema.xml =================================================================== --- Zope/trunk/lib/python/Zope2/Startup/zopeschema.xml 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/Zope2/Startup/zopeschema.xml 2007-06-18 16:04:25 UTC (rev 76767) @@ -553,6 +553,63 @@ </description> </key> + <key name="enable-ms-author-via" datatype="boolean" handler="enable_ms_author_via" default="off"> + <description> + Set this directive to 'true' to enable the "MS-Author-Via" header + in response to an OPTIONS WebDAV request. Early versions of + Microsoft Web Folders and Microsoft Office require this header to + be present to be able to connect to Zope via WebDAV. + + This is disabled by default since it makes a lot of standards-compliant + things unhappy AND it tricks Microsoft Office into trying to edit Office + files stored in Zope via WebDAV even when the user isn't allowed to edit + them and is only trying to download them. + + Check this collector entry for more information: + http://www.zope.org/Collectors/Zope/1441 + + Recent versions of Microsoft Web Folders, updated after January + 2005, do not require this header anymore, and instead require a + "Public" header to be present in reply to the OPTIONS WebDAV + request. + (http://www.redmountainsw.com/wordpress/archives/webfolders-zope) + + To get a recent Microsoft Web Folders implementation, refer to + Microsoft KB Article 907306. + (Software Update for Web Folders: May 18, 2007). + </description> + <metadefault>off</metadefault> + </key> + + <key name="enable-ms-public-header" datatype="boolean" handler="enable_ms_public_header" default="off"> + <description> + Set this directive to 'on' to enable sending the "Public" header + in response to an WebDAV OPTIONS request. + + Though recent WebDAV drafts mention this header, the original + WebDAV RFC did not mention it as part of the standard. Very few + web servers out there include this header in their replies, most + notably IIS and Netscape Enterprise 3.6. + + Since many best practices documents out in the web mention + turning off this header with the subject of "Mask Your Web Server + For Enhanced Security", this setting is off by + default. Presumably malicious people might take the presence of + this header as indication of an IIS Web Server and try to attack + your site, so be careful when turning it on. + + Recent versions of Microsoft Web Folders, updated after January + 2005, *do* require this header to be present in reply to the + OPTIONS WebDAV request. + (http://www.redmountainsw.com/wordpress/archives/webfolders-zope) + + To get a recent Microsoft Web Folders implementation, refer to + Microsoft KB Article 907306. + (Software Update for Web Folders: May 18, 2007). + </description> + <metadefault>off</metadefault> + </key> + <key name="dns-server" datatype=".dns_resolver" attribute="dns_resolver"> <description> Specify the IP address of your DNS server in order to cause resolved Modified: Zope/trunk/lib/python/webdav/Resource.py =================================================================== --- Zope/trunk/lib/python/webdav/Resource.py 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/webdav/Resource.py 2007-06-18 16:04:25 UTC (rev 76767) @@ -18,8 +18,10 @@ import mimetypes import sys import warnings +import re from urllib import unquote +import webdav import ExtensionClass from Globals import InitializeClass from AccessControl import getSecurityManager @@ -54,6 +56,7 @@ from OFS.event import ObjectWillBeMovedEvent import OFS.subscribers +ms_dav_agent = re.compile("Microsoft.*Internet Publishing.*") class Resource(ExtensionClass.Base, Lockable.LockableItem): @@ -220,6 +223,15 @@ RESPONSE.setHeader('Allow', ', '.join(self.__http_methods__)) RESPONSE.setHeader('Content-Length', 0) RESPONSE.setHeader('DAV', '1,2', 1) + + # Microsoft Web Folders compatibility, only enabled if + # User-Agent matches. + if ms_dav_agent.match(REQUEST.get_header('User-Agent', '')): + if webdav.enable_ms_public_header: + RESPONSE.setHeader('Public', ', '.join(self.__http_methods__)) + if webdav.enable_ms_author_via: + RESPONSE.setHeader('MS-Author-Via', 'DAV') + RESPONSE.setStatus(200) return RESPONSE Modified: Zope/trunk/lib/python/webdav/__init__.py =================================================================== --- Zope/trunk/lib/python/webdav/__init__.py 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/webdav/__init__.py 2007-06-18 16:04:25 UTC (rev 76767) @@ -36,3 +36,6 @@ Microsoft, U.C. Irvine, Netscape, Novell. February, 1999.""" __version__='$Revision: 1.7 $'[11:-2] + +enable_ms_author_via = False +enable_ms_public_header = False Modified: Zope/trunk/lib/python/webdav/tests/testResource.py =================================================================== --- Zope/trunk/lib/python/webdav/tests/testResource.py 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/lib/python/webdav/tests/testResource.py 2007-06-18 16:04:25 UTC (rev 76767) @@ -4,6 +4,26 @@ from AccessControl.SecurityManager import setSecurityPolicy from Acquisition import Implicit + +MS_DAV_AGENT = "Microsoft Data Access Internet Publishing Provider DAV" + +def make_request_response(environ=None): + from StringIO import StringIO + from ZPublisher.HTTPRequest import HTTPRequest + from ZPublisher.HTTPResponse import HTTPResponse + + if environ is None: + environ = {} + + stdout = StringIO() + stdin = StringIO() + resp = HTTPResponse(stdout=stdout) + environ.setdefault('SERVER_NAME', 'foo') + environ.setdefault('SERVER_PORT', '80') + environ.setdefault('REQUEST_METHOD', 'GET') + req = HTTPRequest(stdin, environ, resp) + return req, resp + class TestResource(unittest.TestCase): def setUp(self): self.app = DummyContent() @@ -34,6 +54,61 @@ verifyClass(IDAVResource, Resource) verifyClass(IWriteLock, Resource) + def test_ms_author_via(self): + import webdav + from webdav.Resource import Resource + + default_settings = webdav.enable_ms_author_via + try: + req, resp = make_request_response() + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(not resp.headers.has_key('ms-author-via')) + + webdav.enable_ms_author_via = True + req, resp = make_request_response() + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(not resp.headers.has_key('ms-author-via')) + + req, resp = make_request_response( + environ={'USER_AGENT': MS_DAV_AGENT}) + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(resp.headers.has_key('ms-author-via')) + self.assert_(resp.headers['ms-author-via'] == 'DAV') + + finally: + webdav.enable_ms_author_via = default_settings + + def test_ms_public_header(self): + import webdav + from webdav.Resource import Resource + default_settings = webdav.enable_ms_public_header + try: + req, resp = make_request_response() + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(not resp.headers.has_key('public')) + + webdav.enable_ms_public_header = True + req, resp = make_request_response() + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(not resp.headers.has_key('public')) + self.assert_(resp.headers.has_key('allow')) + + req, resp = make_request_response( + environ={'USER_AGENT': MS_DAV_AGENT}) + resource = Resource() + resource.OPTIONS(req, resp) + self.assert_(resp.headers.has_key('public')) + self.assert_(resp.headers.has_key('allow')) + self.assert_(resp.headers['public'] == resp.headers['allow']) + + finally: + webdav.enable_ms_public_header = default_settings + def test_MOVE_self_locked(self): """ DAV: litmus"notowner_modify" tests warn during a MOVE request Modified: Zope/trunk/skel/etc/zope.conf.in =================================================================== --- Zope/trunk/skel/etc/zope.conf.in 2007-06-18 15:59:12 UTC (rev 76766) +++ Zope/trunk/skel/etc/zope.conf.in 2007-06-18 16:04:25 UTC (rev 76767) @@ -443,7 +443,71 @@ # # http-header-max-length 16384 +# Directive: enable-ms-author-via +# +# Description: +# Set this directive to 'true' to enable the "MS-Author-Via" header +# in response to an OPTIONS WebDAV request. Early versions of +# Microsoft Web Folders and Microsoft Office require this header to +# be present to be able to connect to Zope via WebDAV. +# +# This is disabled by default since it makes a lot of standards-compliant +# things unhappy AND it tricks Microsoft Office into trying to edit Office +# files stored in Zope via WebDAV even when the user isn't allowed to edit +# them and is only trying to download them. +# +# Check this collector entry for more information: +# http://www.zope.org/Collectors/Zope/1441 +# +# Recent versions of Microsoft Web Folders, updated after January +# 2005, do not require this header anymore, and instead require a +# "Public" header to be present in reply to the OPTIONS WebDAV +# request. +# (http://www.redmountainsw.com/wordpress/archives/webfolders-zope) +# +# To get a recent Microsoft Web Folders implementation, refer to +# Microsoft KB Article 907306. +# (Software Update for Web Folders: May 18, 2007). +# +# Default: off +# +# Example: +# +# enable-ms-author-via on +# Directive: enable-ms-public-header +# +# Description: +# Set this directive to 'on' to enable sending the "Public" header +# in response to an WebDAV OPTIONS request. +# +# Though recent WebDAV drafts mention this header, the original +# WebDAV RFC did not mention it as part of the standard. Very few +# web servers out there include this header in their replies, most +# notably IIS and Netscape Enterprise 3.6. +# +# Since many best practices documents out in the web mention +# turning off this header with the subject of "Mask Your Web Server +# For Enhanced Security", this setting is off by +# default. Presumably malicious people might take the presence of +# this header as indication of an IIS Web Server and try to attack +# your site, so be careful when turning it on. +# +# Recent versions of Microsoft Web Folders, updated after January +# 2005, *do* require this header to be present in reply to the +# OPTIONS WebDAV request. +# (http://www.redmountainsw.com/wordpress/archives/webfolders-zope) +# +# To get a recent Microsoft Web Folders implementation, refer to +# Microsoft KB Article 907306. +# (Software Update for Web Folders: May 18, 2007). +# +# Default: off +# +# Example: +# +# enable-ms-public-header on + # Directive: automatically-quote-dtml-request-data # # Description: _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins