It's very nice that we have improved REST support in Plone core, in the form of plone.rest
etc.
If I understand correctly, plone.rest
intercepts during traversal all requests with Accept: application/json
header, to do its magic (although it has some exceptions built in for some special cases).
Because of this, some features in Plone TTW theme editing have been broken ever since plone.rest
was merged into core. A simple short fix has been proposed a few times over the last couple of years, but it's been repeatedly refused & suggested that the issue should be resolved by changes elsewhere in Plone instead.
Trying to help out, I went down the rabbit hole to see if broken TTW theme file upload could be fixed by changing upload so that rather than JSON messaging, it'd rely on normal HTTP/REST request/response semantics. Upload requests would then no longer be caught by plone.rest
.
I checked plone.app.theming (the easy part), thememapper
-> filemanager
-> upload
patterns, and third-party Dropzone.js
that ultimately does the upload. Saw that it could be done in a way that makes sense. Maybe just 20-30 lines of functional code changes on both sides, in total. But of course there are also tests that'd need to be changed. Both in backend & frontend. Perhaps something else unforeseen too; there usually is.
So, let's presume someone is willing to spend time on this effort, even whilst knowing that the same outcome could be accomplished in 5 minutes by three or so lines in plone.rest
.
But... this is just for one use case of one pattern. I did a quick search in mockup and it seems there are at least six patterns that use JSON application messaging of some sort. Which means they likely use Accept: application/json
, which means... you get the picture. I wonder how many bugs we have in Plone because of the same root cause?
I might even be willing to go & create PRs for both mockup & plone.app.theming to resolve the TTW upload issue. If it was only that. But I am afraid that I'd probably soon find the next issue in theming caused by the same thing, and then the next, ... A lot of work in total. And I cannot help but think that addressing these cases would probably be trivial if only it was ok to add exceptions for them in somewhere else...
Maybe the patterns that use JSON messaging all should be changed by some objective measure; HTTP/REST compliance & best practices or such, as it has been suggested. Unrelated to the root of the issue as those measures might be. And maybe adding a few more exceptions to plone.rest
traversal intercept logic would have some significant drawbacks. I don't know what they'd be.
But it seems there is a big known cost for Plone on the other side: things are broken now, and would perhaps remain so forever, given the possibility that nobody is going to do this non-trivial amount of non-trivial work. We might then as well e.g. cut off TTW theme editing completely for example. It wouldn't be the first time Zope & Plone communities have killed TTW stuff over the years, by people who had no need for it.
Personally, I would appreciate a economical and practical solution that can be worked on. So that we could keep TTW theming and whatever else that might be affected.
I don't really know where else I should've raised this dilemma. I would imagine this might have been discussed already somewhere, maybe several times. And given that attempting to use JSON over HTTP for application messaging forces Plone core and add-ons to use plone.rest
or not use JSON messaging at all, might there be some sort of accepted plan or policy somewhere? With clear direction or guidance on this matter? If not, should something like that be formulated?
Thanks for reading. Apologies for any mistakes & incorrect observations. My history with Zope & Plone is, while surprisingly long by now, somewhat superficial and more occasional than regular. So bear with me. Corrections welcome.