Ticket #16604 (new Bug)
WebDAV upload fails to a folder that uses authentication
Reported by: | Andrew Daviel <advax@…> | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | 4.x |
Component: | Unknown | Version: | 4.2 |
Keywords: | Cc: |
Description
If a new object is uploaded with HTTP PUT into a folder that requires authentication, the server responds with "500 Internal Server Error". Plone logs an error e.g. "ValueError: Disallowed subobject type: File". Recovery is impossible.
If a new copy of an existing object is uploaded, the server responds with "401 Not Authorized" and the client retries the operation with an Authorization: Basic header and succeeds.
If, then, the client proceeds to upload a second object which does not yet exist on the server, the operation succeeds, but only if the client caches the credentials and automatically re-uses them for the same target folder.
If using a client which does not cache credentials, such as Perl HTTP::DAV, it is impossible to upload a new object to the server.
This problem did not exist in Plone 3.
If a folder requires authentication, the server should follow the challenge-response mechanism described in RFC 2617, and not require that credentials be promiscuously presented.
(forgot I had an account) It's blocking our SVN-based document publishing system from working since we upgraded from Plone 3.