#2036: TG gives 500 server error instead of 403 or 404
------------------------+---------------------------------------------------
Reporter: chrisz | Owner: faide
Type: defect | Status: new
Priority: normal | Milestone: 1.1
Component: TurboGears | Version: 1.0.7
Severity: minor | Keywords: JSON, NoApplicableMethods,
SecureResource
------------------------+---------------------------------------------------
In TG 1.x, when you have a JSON controller (e.g. for an autocomplete
field) that is part of a `SecureResource` (i.e. a login protected part of
your site), and you try to access that controller without being logged in,
then you get a 500 server error instead of a 403 Forbidden error.
The reason is that TG tries to redirect the request to the login page, but
the login page does not accept JSON.
Any ideas for a simple fix? I guess we have to either modify the login
method or change `IdentityFailure` in tg.identity.exceptions so that it
checks whether JSON was requested.
The other question is why TG raises 500 server error when no applicable
controllers are found. Shouldn't it better return a 404 error? That could
be achieved by catching `NoApplicableMethods` in the expose function in
tg.controllers and raising `cherrypy.HTTPError(404)` in this case (maybe
with a few precautions, because `NoApplicableMethods` could also stem from
some nested function call).
--
Ticket URL: <http://trac.turbogears.org/ticket/2036>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
