couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ari Najarian (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1175) Improve content type negotiation for couchdb JSON responses
Date Sat, 19 Nov 2011 01:11:51 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153301#comment-13153301
] 

Ari Najarian commented on COUCHDB-1175:
---------------------------------------

Hi folks,

I was shocked, and quite happy, to discover a thread that discusses the obscure issue I'm
having. This alone prompted me to sign up to the forum so I could upvote this issue and watch
it.

Like Marcello and Johannes, I'm trying to work on a secure couchapp, and am coming up against
the same problem. If I restrict access to particular database to authenticated readers only,
then when anyone navigates to the design document, they get a JSON response instead of a redirect.

Jason mentioned that the problem was insufficiently defined to move forward. As I see it,
the problem is quite simple : right now, one can either create a couchapp that sits upon a
database that anonymous users can access, OR they can create a secure document repository
that only non-browser clients can interact with. However, there is no way to create a couchapp
that interacts with a secure database, as there's no way to authenticate the user if they
hit up the application.

I don't want anonymous users to be able to access the information in my database through REST.
I don't know a damned thing about HTTP headers, responses or content-types. I'm hoping this
is an easy fix that will be pushed out to the internet soon. From the pros in this forum,
any idea how long I may have to wait to see this bug resolved?
                
> Improve content type negotiation for couchdb JSON responses
> -----------------------------------------------------------
>
>                 Key: COUCHDB-1175
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1175
>             Project: CouchDB
>          Issue Type: Improvement
>    Affects Versions: 1.0.2
>            Reporter: Robert Newson
>            Priority: Blocker
>             Fix For: 1.2
>
>
> Currently we ignore qvalues when negotiation between 'application/json' and 'text/plain'
when returning JSON responses.
> Specifically, we test directly for 'application/json' or 'text/plain' in the Accept header.
Different branches have different bugs, though. Trunk returns 'application/json' if 'application/json'
is present at all, even if it's less preferred than 'text/plain' when qvalues are accounted
for.
> We should follow the standard.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message