Merge pull request #304 from zopefoundation/py3_fix_wsgi_unauthorized

create exception view before handling Unauthorized
zopefoundation · Oct 2, 2018 · 1d78cfa · 1d78cfa
2 parents 3c56da9 + 2bf75dd
commit 1d78cfa
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -26,6 +26,9 @@ New features
 Bugfixes
 ++++++++
 
+- Call exception view before triggering _unauthorized.
+  (`#304 <https://github.com/zopefoundation/Zope/pull/304>`_)
+
 - Fix XML Page template files in Python 3
   (`#319 <https://github.com/zopefoundation/Zope/issues/319>`_)
 

diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py
@@ -149,6 +149,10 @@ def transaction_pubevents(request, response, tm=transaction.manager):
             if request.environ.get('x-wsgiorg.throw_errors', False):
                 reraise(*exc_info)
 
+            # Handle exception view
+            exc_view_created = _exc_view_created_response(
+                exc, request, response)
+
             if isinstance(exc, Unauthorized):
                 # _unauthorized modifies the response in-place. If this hook
                 # is used, an exception view for Unauthorized has to merge
@@ -157,10 +161,6 @@ def transaction_pubevents(request, response, tm=transaction.manager):
                 response._unauthorized()
                 response.setStatus(exc.getStatus())
 
-            # Handle exception view
-            exc_view_created = _exc_view_created_response(
-                exc, request, response)
-
             notify(pubevents.PubBeforeAbort(
                 request, exc_info, request.supports_retry()))
             tm.abort()