Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 19013 invoked from network); 8 Dec 2010 21:11:58 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 8 Dec 2010 21:11:58 -0000 Received: (qmail 84999 invoked by uid 500); 8 Dec 2010 21:11:57 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 84950 invoked by uid 500); 8 Dec 2010 21:11:57 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 84942 invoked by uid 99); 8 Dec 2010 21:11:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Dec 2010 21:11:57 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Dec 2010 21:11:54 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id oB8LBXrw026613 for ; Wed, 8 Dec 2010 21:11:33 GMT Message-ID: <19649545.23811291842693275.JavaMail.jira@thor> Date: Wed, 8 Dec 2010 16:11:33 -0500 (EST) From: "Gabriel Farrell (JIRA)" To: dev@couchdb.apache.org Subject: [jira] Commented: (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes In-Reply-To: <5508255.48491291219631924.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/COUCHDB-972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12969489#action_12969489 ] Gabriel Farrell commented on COUCHDB-972: ----------------------------------------- As for linking to the thread, I prefer Gmane: http://thread.gmane.org/gmane.comp.db.couchdb.devel/12750/. It seems silly to me to break from the HTTP spec to avoid browser auth forms, but I don't yet understand the particulars well enough to suggest a better solution. > Unauthorized requests with(out) Accept: */* get different status codes > ---------------------------------------------------------------------- > > Key: COUCHDB-972 > URL: https://issues.apache.org/jira/browse/COUCHDB-972 > Project: CouchDB > Issue Type: Bug > Components: Futon, HTTP Interface > Affects Versions: 1.0.1 > Reporter: Benjamin Young > Assignee: Filipe Manana > Priority: Minor > Original Estimate: 0h > Remaining Estimate: 0h > > Sending a GET request for any URL of private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page. > Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc). > The 401 code is the prefered response, but the 302 is in use to load the HTML/JS-based login forms in Futon. > The options I can see to fix this are: > 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific). > 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page. > 3. Return 401 and let the browsers HTTP Auth form handle the login process. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.