Eliminate hang with unauthorized use of REST interface.

A /rest/ connection by a valid user without authorization for REST would
hang. The response didn't include content-type and content-length. This
keept the connection open until timeout.

Author: rouilj

CHANGES.txt

@@ -23,6 +23,8 @@ Fixed:
   chrome. I don't expect this to be a major problem since a front
   end server (apache, Nginx...) is usually customer facing and
   terminates SSL.
+- Fix hang when valid user without authorization for REST tries to use
+  the rest interface.
 
 Features:
 

roundup/cgi/client.py

@@ -607,7 +607,10 @@ def handle_rest(self):
 
         if not self.db.security.hasPermission('Rest Access', self.userid):
             self.response_code = 403
-            self.write(s2b('{ "error": { "status": 403, "msg": "Forbidden." } }'))
+            output = s2b('{ "error": { "status": 403, "msg": "Forbidden." } }')
+            self.setHeader("Content-Length", str(len(output)))
+            self.setHeader("Content-Type", "application/json")
+            self.write(output)
             return
 
         self.check_anonymous_access()