couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <j...@mooseyard.com>
Subject Re: Debugging 302/Unauthorized error
Date Thu, 23 Jun 2011 18:01:22 GMT

On Jun 23, 2011, at 8:26 AM, Martin Hewitt wrote:

> 7. Attempt a PUT of a design doc:
> 
>> curl -i -X PUT -d "{\"one\":\"two\"}" http://testuser:testpassword@127.0.0.1:5984/testuser_database/_design/test/
> 
> 8. I get an error response:
> HTTP/1.1 302 Moved Temporarily
> Server: CouchDB/1.2.0a1075588 (Erlang OTP/R14B)
> Location: http://127.0.0.1:5984/_utils/session.html?return=%2Fmartin_test%2F_design%2Ftest&reason=Name%20or%20password%20is%20incorrect.

Slightly off-topic to the original question … but this seems like an inappropriate server
response from an HTTP and API standpoint.

1. The client is sending credentials using HTTP auth (basic or digest). If the credentials
are invalid the correct response is a 401 Unauthorized, not a redirect.
2. The URL being redirected to is part of the Futon admin UI. This might be appropriate for
an end-user interacting through a browser, but not for an app.
3. The _utils directory isn’t present in all CouchDB installations; e.g. mobile installs,
so this redirect might go to a missing page.

—Jens
Mime
View raw message