couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Young (JIRA)" <>
Subject [jira] Created: (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes
Date Wed, 01 Dec 2010 16:07:11 GMT
Unauthorized requests with(out) Accept: */* get different status codes

                 Key: COUCHDB-972
             Project: CouchDB
          Issue Type: Bug
          Components: Futon, HTTP Interface
    Affects Versions: 1.0.1
            Reporter: Benjamin Young
            Priority: Minor

Sending a GET request without an Accept header set returns a 302 Found status which redirects
to the Futon's login page.

Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as
does setting Accept to anything else: application/json, etc).

The 401 code is the prefered response, but the 302 is in use to load the HTML/JS-based login
forms in Futon.

The options I can see to fix this are:
1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything
more specific).
2. Return 401 and load the Futon login page/system as the response body--some browsers/clients
may still load the HTTP Auth form in addition to the HTML one in the body of the page.
3. Return 401 and let the browsers HTTP Auth form handle the login process.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message