[staticcontrollers] Raise Forbidden, not Unauthorized stable
author Julien Cristau <julien.cristau@logilab.fr>
Thu, 19 Sep 2013 18:11:12 +0200
branch stable
changeset 9234 ce504d23edf7
parent 9233 7d3316bfa4ff
child 9235 3eb8d65824f5
[staticcontrollers] Raise Forbidden, not Unauthorized

Unauthorized means "log in to get access", as it results in an HTTP 401. Here, the error is pretty much permanent, and returning 401 instead of 403 confuses things terribly. (This seems to be a pretty widespread confusion :/)
web/views/staticcontrollers.py
--- a/web/views/staticcontrollers.py	Thu Sep 19 18:03:09 2013 +0200
+++ b/web/views/staticcontrollers.py	Thu Sep 19 18:11:12 2013 +0200
@@ -31,7 +31,7 @@
 from datetime import datetime, timedelta
 from logging import getLogger
 
-from cubicweb import Unauthorized
+from cubicweb import Forbidden
 from cubicweb.web import NotFound
 from cubicweb.web.http_headers import generateDateTime
 from cubicweb.web.controller import Controller
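Review bot: In the import block, `from cubicweb import Unauthorized` is replaced rather than supplemented, so any use of `Unauthorized` in staticcontrollers.py outside the lines shown here would now fail with a NameError at request time. The diff shows only the one raise site being converted, so a quick grep of the module for remaining references is worth doing before this lands on stable.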
@@ -59,7 +59,7 @@
         if osp.isdir(path):
             if self.directory_listing_allowed:
                 return u''
-            raise Unauthorized(path)
+            raise Forbidden(path)
         if not osp.isfile(path):
             raise NotFound()
         if not debugmode:
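Review bot: At `raise Forbidden(path)`, the exception argument is the same filesystem path that was just passed to `osp.isdir`, so if the 403 handler renders the exception message into the response body, the client learns the server-side directory layout. Consider raising with the requested relative path, or with no argument, and logging the full path server-side instead. A test that requests a directory while `directory_listing_allowed` is false and asserts a 403 rather than a 401 would pin the behaviour this change intends, and a short comment at the raise explaining that the refusal does not depend on authentication would keep it from being switched back.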