Re: headers from abort() don't show up in response - Philip Jenvey - com.googlegroups.pylons-discuss

3 messages in com.googlegroups.pylons-discussRe: headers from abort() don't show u...

From	Sent On	Attachments
Sergey Lipnevich	23 Oct 2006 22:09
Philip Jenvey	24 Oct 2006 10:07
Sergey	24 Oct 2006 11:59

Subject:	Re: headers from abort() don't show up in response
From:	Philip Jenvey (pjen...@public.gmane.org)
Date:	10/24/2006 10:07:21 AM
List:	com.googlegroups.pylons-discuss

On Oct 23, 2006, at 10:09 PM, Sergey Lipnevich wrote:

Hi,

I'm trying to add a WWW-Authenticate header using abort():

abort(401, "Authentication is required", [('WWW-Authenticate', 'Basic realm="realm"')])

The code shows up correctly in the response, but my header does not. In the error controller, if I do this:

def document(self): return Response()

I get back "401 Unauthorized" but not the WWW-Authenticate. From the code, it looks like start_response in class paste.httpexceptions.HTTPException has access to headers supplied in abort() and should include them in the response, but it doesn't (or I'm not using something correctly). Any help is appreciated, thanks in advance!

What occurs is the ErrorDocuments middleware intercepts your response due to the code (401 along with other 40x codes, and 500 when debug=False) and forwards the request to your error controller (so the response is properly skinned). This forwarding process consumes your response and its headers. I think someone had brought this up before -- the solution is to watch for request.params.get('code') == '401' in your error controller; when it's encountered explicitly set the response code to 401 and add the authenticate header.

This is a pretty hokey solution, though. We could change this to work out of the box after 0.9.3; have the StatusBasedForward (the middleware doing the forwarding) save the consumed headers to environ, and have the stock error controller look for those saved headers when it notices a 401. I'll log a ticket.