couchdb-dev mailing list archives

From "Gabriel Farrell (JIRA)" <>
Subject [jira] Commented: (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes
Date Wed, 01 Dec 2010 18:03:17 GMT


Gabriel Farrell commented on COUCHDB-972:

I vote for the third option. A straight 401 is the correct response.

> Unauthorized requests with(out) Accept: */* get different status codes
> ----------------------------------------------------------------------
>                 Key: COUCHDB-972
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon, HTTP Interface
>    Affects Versions: 1.0.1
>            Reporter: Benjamin Young
>            Assignee: Filipe Manana
>            Priority: Minor
> Sending a GET request for any URL of private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page.
> Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc).
> The 401 code is the preferred response, but the 302 is in use to load the HTML/JS-based login forms in Futon.
> The options I can see to fix this are:
> 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific).
> 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page.
> 3. Return 401 and let the browser's HTTP Auth form handle the login process.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
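
A regression check for the inconsistency described in the issue, as an added example that is not part of the original message or of CouchDB's code: it sends the same unauthenticated GET with no Accept header, with `*/*`, and with `application/json`, and flags any difference in status code. The stub server, the `/private_db` path and the `/login-placeholder` redirect target are constructed stand-ins that mimic the reported behaviour so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in mimicking the behaviour reported in COUCHDB-972."""
    def do_GET(self):
        if self.headers.get("Accept") is None:
            # No Accept header: redirect to a login page (placeholder path).
            self.send_response(302)
            self.send_header("Location", "/login-placeholder")
        else:
            # Any Accept header, including */*: plain 401 challenge.
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="stub"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the check quiet

def probe(host, port, path, accept):
    """Unauthenticated GET; http.client sends no Accept header unless given one."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    headers = {} if accept is None else {"Accept": accept}
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status  # redirects are not followed, so a 302 stays visible

def accept_status_matrix(host, port, path):
    """Status code per Accept variant for the same protected URL."""
    return {a: probe(host, port, path, a) for a in (None, "*/*", "application/json")}

def is_consistent(matrix):
    """True when every Accept variant received the same status code."""
    return len(set(matrix.values())) == 1

def run_against_stub():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return accept_status_matrix("127.0.0.1", server.server_port, "/private_db")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    m = run_against_stub()
    print(m, "consistent" if is_consistent(m) else "INCONSISTENT")
```

Pointing `accept_status_matrix` at a real instance's host, port and a protected database URL turns this into a check that the chosen fix (a uniform 401) holds for every Accept variant.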
