feature request: ability for WSGIAccessScript to return things other then 200 or 403

[GoogleCodeExporter]

Hi,

I have a collection of photos (static files), most of which are public and a 
few of which are private, I'm using WSGIAccessScript to check which are which 
via a database and if the photo is private denying access.

However the static file collection may contain files which do not have 
corresponding entries in the database (they have been uploaded, but not yet 
imported into the db). At the moment i return 'False' and so get a 403 for 
these files, but i'd prefer to return 404 - I'm not sure how e.g. search 
engines react to 403 vs. 404.

with mod_python i could use apache.HTTP_NOT_FOUND for this in an 
PythonAccessHandler

Original issue reported on code.google.com by jasper%l...@gtempaccount.com on 1 May 2011 at 7:14

[GoogleCodeExporter]

Technically one could argue that an access handler should never really be 
returning a HTTP_NOT_FOUND as that isn't what it is intended to be used for. 
Its purpose is to check whether access is permitted or not and since user 
authorisation is not involved, the only appropriate way of flagging that is 
through a HTTP_FORBIDDEN response.

So, although mod_python may have allowed you to do that because of its Apache 
generic handler interface, it is a questionable practice.

The access handler in mod_wsgi was also intended to complement what mod_access 
in Apache does. Ie., the Deny/Allow macros for host based access control. It is 
not intended to be a general means of providing a access handler. As such, like 
mod_access, it only returns HTTP_FORBIDDEN when False is returned. I am not 
inclined to change this at this point.

Original comment by Graham.Dumpleton@gmail.com on 3 May 2011 at 12:20

• Added labels: Type-Other
• Removed labels: Type-Defect

[GoogleCodeExporter]

Closing out old issue that not intending to take action on.

Original comment by Graham.Dumpleton@gmail.com on 12 Nov 2014 at 10:41

• Changed state: WontFix