HTTPForbidden is exactly what I throw in the traversal code, which
then gets mapped to the login view. If I throw HTTPForbidden again in
the login view, it will result in 500 Internal Server Error, thus I
manually create a 403 response and return that instead.
On Feb 9, 9:13 am, Jonathan Vanasco
I'm pretty sure you need to be using 401 for pages that require authorisation,
and not 403.
Maybe try to untangle your approach so that the login page is never throwing
401 (or 403). The protected resource should raise the exception and your app
design handles it by issuing a redirect to
That's what I thought too, but it seems like the standard for
pyramid is to show the login view for 403:
http://docs.pylonsproject.org/projects/pyramid/en/latest/tutorials/wiki/authorization.html#add-login-and-logout-views
I think I will just rename my view from login to not_authorized,
and make
On Thu, Feb 9, 2012 at 8:36 AM, Yap Sok Ann sok...@gmail.com wrote:
That's what I thought too, but it seems like the standard for
pyramid is to show the login view for 403:
http://docs.pylonsproject.org/projects/pyramid/en/latest/tutorials/wiki/authorization.html#add-login-and-logout-views
Pyramid internally raises a HTTPForbidden... this is the safest thing for
Pyramid to do, and requires the fewest assumptions about what your app
actually wants. From that point, you can catch the HTTPForbidden in an
exception view, determine what you actually want to do, and return that.
For
You can count me in for another $50...
Bruce
--
You received this message because you are subscribed to the Google Groups
pylons-discuss group.
To view this discussion on the web visit
https://groups.google.com/d/msg/pylons-discuss/-/x5nfcGchdj8J.
To post to this group, send email to
On Thu, 2012-02-09 at 16:35 -0800, Bruce Coble wrote:
You can count me in for another $50...
Thanks!
Bruce