durusmail: quixote-users: PROPFIND and other methods
PROPFIND and other methods
2005-09-20
Mike Orr (2 parts)
2005-09-20
David Binger
2005-09-20
Mike Orr
2005-09-20
David Binger
2005-09-21
Mike Orr
2005-09-21
Mike Orr
PROPFIND and other methods
Mike Orr
2005-09-21
On 9/20/05, Mike Orr  wrote:
> On 9/20/05, David Binger  wrote:
> > On Sep 20, 2005, at 5:50 PM, Mike Orr wrote:
> >
> > >>
> > >> PROPFIND is a webdav method.  Webdav is described in rfc 2518.
> > >> Maybe this is just a browser trying to mount your server.
> > >>
> > >
> > > But should it be?  If the application is not meant to be WebDAV
> > > friendly, is there any reason not to send an error and force them to
> > > use GET?
> >
> > I agree that the unimplemented method response is appropriate here.
> > I just meant that these requests might be not be attacks.
> > Should it be Quixote or an application that restricts the request
> > method?
> > What if your application really wants to implement WebDAV?
>
> It looks like a job for ._q_traverse().  How about something like this?
>
> def get_methods(self, path):
>     """Return a list of HTTP methods allowed for this traversal path."""
>     return ['GET', 'POST']
>
> def _q_traverse(self, path):
>     ...
>     method = quixote.get_request().get_method().upper()
>    if method == 'OPTIONS':
>        return self.get_methods()    # Properly formatted per RFC, of course.
>     elif method == 'TRACE':
>         return quixote.get_request().get_headers()  # Properly formatted.
>         # request.get_headers() does not exist yet.
>         # I'm not really sure what this method is supposed to do.
>     elif method not in self.get_methods(path):
>         quixote.get_response().set_status(501)
>         return "ERROR MESSAGE"
>     ...

Actually, this only makes sense for the the leaf object, not the
intervening directories.  So this should be before the "elif
callable(obj):" line, and .get_methods() should take an argument
'obj'.

--
Mike Orr  or
reply