Open GoogleCodeExporter opened 9 years ago
It looks like @auth.require(acl.isolate_readable) doesn't even try to login the
user when unauthenticated, it should return 401 in this case instead of 403.
Original comment by maruel@chromium.org
on 2 Dec 2014 at 8:19
@auth.require just raises AuthorizationError since it doesn't know why exactly
access is forbidden (because you are anonymous, or because you do not have
permissions). Base request handler class dumbly transforms them to 403 since it
has no knowledge of any particular login UI.
For UI handlers in isolate server we can define something like:
def on_authorization_error():
if is_anonymous:
redirect to login page that redirects back to the original page
else
show 403
Original comment by vadimsh@chromium.org
on 2 Dec 2014 at 9:23
Original issue reported on code.google.com by
kmg@chromium.org
on 3 Oct 2014 at 12:48