couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Shorin (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes
Date Sun, 30 Jun 2013 05:11:20 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alexander Shorin closed COUCHDB-972.
------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.2

> Sending a GET request for any URL of private/secured database without an Accept header
set returns a 302 Found status which redirects to the Futon's login page.

$ curl -v -XGET http://10.5.0.75:5984/_config -H "Accept:"
* About to connect() to 10.5.0.75 port 5984 (#0)
*   Trying 10.5.0.75...
* Adding handle: conn: 0x2232fd0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x2232fd0) send_pipe: 1, recv_pipe: 0
* Connected to 10.5.0.75 (10.5.0.75) port 5984 (#0)
> GET /_config HTTP/1.1
> User-Agent: curl/7.30.0
> Host: 10.5.0.75:5984
> 
< HTTP/1.1 401 Unauthorized
* Server CouchDB/1.2.2 (Erlang OTP/R15B03) is not blacklisted
< Server: CouchDB/1.2.2 (Erlang OTP/R15B03)
< Date: Sun, 30 Jun 2013 04:21:11 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 64
< Cache-Control: must-revalidate
< 
{"error":"unauthorized","reason":"You are not a server admin."}
* Connection #0 to host 10.5.0.75 left intact

Looks like it was fixed in [03ede5b|https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commit;h=03ede5b036c48d0a212fac033cd90e5b041913ad]
                
> Unauthorized requests with(out) Accept: */* get different status codes
> ----------------------------------------------------------------------
>
>                 Key: COUCHDB-972
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-972
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon, HTTP Interface
>    Affects Versions: 1.0.1
>            Reporter: Benjamin Young
>            Assignee: Filipe Manana
>            Priority: Minor
>             Fix For: 1.2
>
>   Original Estimate: 0h
>  Remaining Estimate: 0h
>
> Sending a GET request for any URL of private/secured database without an Accept header
set returns a 302 Found status which redirects to the Futon's login page.
> Sending a GET request with an Accept: */* (which is conceptually the same) returns a
401 (as does setting Accept to anything else: application/json, etc).
> The 401 code is the prefered response, but the 302 is in use to load the HTML/JS-based
login forms in Futon.
> The options I can see to fix this are:
> 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly
anything more specific).
> 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients
may still load the HTTP Auth form in addition to the HTML one in the body of the page.
> 3. Return 401 and let the browsers HTTP Auth form handle the login process.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message