Ticket #16604 (new Bug)

Opened 19 months ago

Last modified 19 months ago

WebDAV upload fails to a folder that uses authentication

Reported by: Andrew Daviel <advax@…> Owned by:
Priority: major Milestone: 4.x
Component: Unknown Version: 4.2
Keywords: Cc:

Description

If a new object is uploaded with HTTP PUT into a folder that requires authentication, the server responds with "500 Internal Server Error". Plone logs an error e.g. "ValueError: Disallowed subobject type: File". Recovery is impossible.

If a new copy of an existing object is uploaded, the server responds with "401 Not Authorized" and the client retries the operation with an Authorization: Basic header and succeeds.

If, then, the client proceeds to upload a second object which does not yet exist on the server, the operation succeeds, but only if the client caches the credentials and automatically re-uses them for the same target folder.

If using a client which does not cache credentials, such as Perl HTTP::DAV, it is impossible to upload a new object to the server.

This problem did not exist in Plone 3.

If a folder requires authentication, the server should follow the challenge-response mechanism described in RFC 2617, and not require that credentials be promiscuously presented.

Change History

comment:1 Changed 19 months ago by adaviel

  • Priority changed from minor to major

(forgot I had an account) It's blocking our SVN-based document publishing system from working since we upgraded from Plone 3.

Note: See TracTickets for help on using tickets.