|
Graham Dumpleton
graham.dumpleton at gmail.com
Sun May 27 20:31:36 EDT 2007
On 28/05/07, Jeremy Allen <jeremy at jez.net.nz> wrote: > I'm hoping to return HTTP_FORBIDDEN based on the content of the request yes, > so what I'm trying to do doesn't sound feasible. > > I'm proxying to SOAP web services, I don't want to change the content being > posted to them just inspect it to see if ceratin parts of the request are > valid for the logged in user (logged in by http auth). >From memory, that was originally the point of the SOAPAction (???) request header, ie., could be checked without looking at content, but not sure they could ever agree on how it should be used. See: http://www.oreillynet.com/xml/blog/2002/11/unraveling_the_mystery_of_soap.html for further details. It mentions something about it morphing into an 'action' attribute on content type, but the link for that is broken. Graham
|