Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün <christian.gruen@gmail.com
wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element
directly,
but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way
to
set the HTTP status and message via web:response-header, is that right?
This
would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote: > Using the web:response-header() function from the BaseX Web Module > seems > to > work for overriding default headers > (http://docs.basex.org/wiki/Web_Module#web:response-header). I do > wonder > why > the behavior differs between this function and directly using a > rest:response element. Shouldn't these two be equivalent? > > Thanks, > Tim > > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <
timathom@gmail.com>
> wrote: >> >> Hello, >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I am >> running >> BaseX in Tomcat 7 and have set the authmethod param set to
"Custom."
>> I >> wanted to define my own WWW-Authenticate header for Digest >> authentication. I >> tried something like this: >> >> http:header > name="WWW-Authenticate" >> value="{ >> ``[Digest realm="BaseX", >> qop="auth, auth-int", >> algorithm=MD5, >> nonce=`{hash:md5(random:uuid())}`]`` >> }"/> >> >> (in a custom response, as specified in >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >> >> However, the WWW-Authenticate header only returns a value of
Custom
>> realm="BaseX" no matter what I do in the custom RESTXQ response. >> >> Thanks in advance, >> Tim >> >> -- >> Tim A. Thompson >> Discovery Metadata Librarian >> Yale University Library >> >