backport from trunk rev 71678

----------------------------- Work against squid negative_ttl when unauthorized For a complete description of the problem solved see: http://mail.zope.org/pipermail/zope3-dev/2006-December/021321.html
zopefoundation · Jan 2, 2007 · ff2cb50 · ff2cb50
1 parent 430add0
commit ff2cb50
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/browser/tests/test_unauthorized.py b/browser/tests/test_unauthorized.py
@@ -75,6 +75,14 @@ def testUnauthorized(self):
         # Make sure the response status was set
         self.assertEqual(request.response.getStatus(), 403)
 
+        # check headers that work around squid "negative_ttl"
+        self.assertEqual(request.response.getHeader('Expires'),
+                         'Mon, 26 Jul 1997 05:00:00 GMT')
+        self.assertEqual(request.response.getHeader('Pragma'),
+                         'no-cache')
+        self.assertEqual(request.response.getHeader('Cache-Control'),
+                         'no-store, no-cache, must-revalidate')
+
         # Make sure the auth utility was called
         self.failUnless(self.auth.request is request)
         self.assertEqual(self.auth.principal_id, 23)

diff --git a/browser/unauthorized.py b/browser/unauthorized.py
@@ -0,0 +1,37 @@
+##############################################################################
+#
+# Copyright (c) 2003 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Unauthorized Exception View Class
+
+$Id$
+"""
+__docformat__ = 'restructuredtext'
+
+from zope.app import zapi
+
+
+class Unauthorized(object):
+
+    def issueChallenge(self):
+        # Set the error status to 403 (Forbidden) in the case when we don't
+        # challenge the user
+        self.request.response.setStatus(403)
+
+        # make sure that squid does not keep the response in the cache
+        self.request.response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
+        self.request.response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
+        self.request.response.setHeader('Pragma', 'no-cache')
+
+        principal = self.request.principal
+        auth = zapi.principals()
+        auth.unauthorized(principal.id, self.request)