Date: Fri, 17 Jun 2011 14:28:14 +0200
Subject: Bug parsing Accept header?
From: Marcello Nuccio
To: user@couchdb.apache.org

Trying to debug why the configuration option `authentication_redirect` stopped working in CouchDB-1.1, I have finally nailed it down to a simple use-case.

You can reproduce it with the following commands (assuming you have set up an admin user with name "admin" and password "pass"):

$ curl -X PUT 'http://admin:pass@localhost:5984/testauth'
{"ok":true}
$ cat security.json
{"admins":{"names":["boutique"],"roles":[]},"readers":{"names":[],"roles":["azienda"]}}
$ curl -X PUT 'http://admin:pass@localhost:5984/testauth/_security' -d @security.json -H 'Content-Type: application/json; charset=UTF-8'
{"ok":true}
$ curl -D- 'http://admin:pass@localhost:5984/testauth'
HTTP/1.1 200 OK
Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
Date: Fri, 17 Jun 2011 11:56:32 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 215
Cache-Control: must-revalidate

{"db_name":"testauth","doc_count":0,"doc_del_count":0,"update_seq":1,"purge_seq":0,"compact_running":false,"disk_size":4171,"instance_start_time":"1308310604678421","disk_format_version":5,"committed_update_seq":1}
$ curl -D- 'http://localhost:5984/testauth'
HTTP/1.1 401 Unauthorized
Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
Date: Fri, 17 Jun 2011 11:56:44 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 78
Cache-Control: must-revalidate

{"error":"unauthorized","reason":"You are not authorized to access this db."}
$ curl -D- 'http://localhost:5984/testauth' -H 'Accept: text/html,*/*;q=0.0'
HTTP/1.1 302 Moved Temporarily
Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
Location: http://localhost:5984/cerbero/_design/cerbero/login.html?return=%2Ftestauth&reason=You%20are%20not%20authorized%20to%20access%20this%20db.
Date: Fri, 17 Jun 2011 11:57:41 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 78
Cache-Control: must-revalidate

{"error":"unauthorized","reason":"You are not authorized to access this db."}
$ curl -D- 'http://localhost:5984/testauth' -H 'Accept: text/html,*/*;q=0.1'
HTTP/1.1 401 Unauthorized
Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
Date: Fri, 17 Jun 2011 11:57:55 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 78
Cache-Control: must-revalidate

{"error":"unauthorized","reason":"You are not authorized to access this db."}

This last one should give you the same "302 Moved Temporarily" response as the previous one, because we accept "text/html".

The problem is that Firefox uses a similar Accept header, so it gets a 401 Unauthorized error instead of being redirected to the login page.

I think the problem was introduced by this commit:
https://github.com/apache/couchdb/commit/0264c51de7f281bc3b01d51e43831da2bcc741df

Is this a bug, or is it intended behaviour?

Thanks,
Marcello
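
Added example, not part of the original message and not CouchDB's code: Accept negotiation following the HTTP rules for media ranges and q-values, which yields the redirect the poster expects for both Accept headers in the session above. The function names and the 302-versus-401 policy (redirect only when text/html is acceptable and preferred over application/json) are assumptions made for illustration.

```python
# Added example: HTTP Accept negotiation by q-value (not CouchDB's implementation).

def parse_accept(header):
    """Return [(type, subtype, q)] for each media range in an Accept header."""
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if "/" not in parts[0]:
            continue  # skip malformed media ranges
        mtype, subtype = parts[0].lower().split("/", 1)
        q = 1.0  # default quality when no q parameter is given
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = min(max(float(value), 0.0), 1.0)
                except ValueError:
                    q = 0.0  # unparsable q: treat the range as not acceptable
        ranges.append((mtype, subtype, q))
    return ranges


def quality(media_type, ranges):
    """q of the most specific range matching media_type (0.0 if none match)."""
    mtype, subtype = media_type.split("/")
    best_rank, best_q = -1, 0.0
    for rtype, rsub, q in ranges:
        if (rtype, rsub) == (mtype, subtype):
            rank = 2  # exact match, e.g. text/html
        elif rtype == mtype and rsub == "*":
            rank = 1  # type wildcard, e.g. text/*
        elif (rtype, rsub) == ("*", "*"):
            rank = 0  # full wildcard
        else:
            continue
        if rank > best_rank:
            best_rank, best_q = rank, q
    return best_q


def unauthorized_status(accept_header):
    """Assumed policy: 302 to the login page if HTML is preferred, else 401."""
    ranges = parse_accept(accept_header or "*/*")
    html = quality("text/html", ranges)
    json_q = quality("application/json", ranges)
    return 302 if html > 0 and html > json_q else 401
```

Under this policy a client that sends `*/*` or no Accept header, as curl does by default, still receives the JSON 401, because text/html is not ranked above application/json.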