[Zope-PAS] challenge branch ready for review

Mark Hammond mhammond at skippinet.com.au
Thu Oct 14 06:13:42 EDT 2004

> This only overrides _unauthorized(), which means that
> _exception() will
> then later in the chain perform a HTTP Basic auth no matter what. You
> need to override _exception *and* _unauthorized, like is done in HEAD
> for the moment.

Are you sure about that?  I could disable all HTTP auth with that branch.

It is response._unauthorized which sets up this authentication, and that is
exactly what we override.  I don't believe there was any reason to override


More information about the Zope-PAS mailing list