Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge head-unauthorized-5490

Author: exarkun
Reviewer: therve
Fixes: #5490

When generating an unauthorized response from `twisted.web.guard.SessionWrapper`,
only write to the response body if the request method is not HEAD.  This avoids
generating a warning in the log but should not otherwise change the behavior
of `SessionWrapper`.


git-svn-id: svn://svn.twistedmatrix.com/svn/Twisted/trunk@33575 bbbe8e31-12d6-0310-92fd-ac37d47ddeeb
  • Loading branch information...
commit d66ee5b42c7e16bc5f25b8ce7baccbbc8058a00d 1 parent 7edffc9
exarkun authored
View
2  twisted/web/_auth/wrapper.py
@@ -54,6 +54,8 @@ def quoteString(s):
request.responseHeaders.addRawHeader(
'www-authenticate',
generateWWWAuthenticate(fact.scheme, challenge))
+ if request.method == 'HEAD':
+ return ''
return 'Unauthorized'
View
33 twisted/web/test/test_httpauth.py
@@ -232,21 +232,42 @@ def test_getChildWithDefault(self):
resource.getChildWithDefault("bar", None), resource)
- def test_render(self):
+ def _unauthorizedRenderTest(self, request):
"""
- L{UnauthorizedResource} renders with a 401 response code and a
- I{WWW-Authenticate} header and puts a simple unauthorized message
- into the response body.
+ Render L{UnauthorizedResource} for the given request object and verify
+ that the response code is I{Unauthorized} and that a I{WWW-Authenticate}
+ header is set in the response containing a challenge.
"""
resource = UnauthorizedResource([
BasicCredentialFactory('example.com')])
- request = DummyRequest([''])
request.render(resource)
self.assertEqual(request.responseCode, 401)
self.assertEqual(
request.responseHeaders.getRawHeaders('www-authenticate'),
['basic realm="example.com"'])
- self.assertEqual(request.written, ['Unauthorized'])
+
+
+ def test_render(self):
+ """
+ L{UnauthorizedResource} renders with a 401 response code and a
+ I{WWW-Authenticate} header and puts a simple unauthorized message
+ into the response body.
+ """
+ request = DummyRequest([''])
+ self._unauthorizedRenderTest(request)
+ self.assertEqual('Unauthorized', ''.join(request.written))
+
+
+ def test_renderHEAD(self):
+ """
+ The rendering behavior of L{UnauthorizedResource} for a I{HEAD} request
+ is like its handling of a I{GET} request, but no response body is
+ written.
+ """
+ request = DummyRequest([''])
+ request.method = 'HEAD'
+ self._unauthorizedRenderTest(request)
+ self.assertEqual('', ''.join(request.written))
def test_renderQuotesRealm(self):
View
0  twisted/web/topfiles/5490.misc
No changes.
Please sign in to comment.
Something went wrong with that request. Please try again.