When using a Diazo theme, the static resources currently require authorization in order to show them. Here is how the static theme is registered:
<plone:static directory="static" type="theme" name="projecttheme" />
If you strip off the cookies (via varnish in this case) from these resources, you'd get the following errors in the log for each static resource:
2013-08-29 18:50:35 DEBUG ImplPython Unauthorized: Your user account does not have
the required permission. Access to 'project.css' of (FilesystemResourceDirectory
object at /data/project/eggs/project.theme-1.29-py2.7.egg/project/theme/static/styles)
denied. Your user account, Anonymous User, exists at /acl_users. Access requires
Access_contents_information_Permission, granted to the following roles:
['Contributor', 'Editor', 'Manager', 'Owner', 'Reader', 'Site Administrator']. Your
roles in this context are ['Anonymous'].
So, if there is no cookie, there is no auth, then you get permission denied because of the Access contents information permission. Is there any way to serve up static Diazo resources without this restriction?