Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8242E4929 for ; Fri, 1 Jul 2011 21:51:50 +0000 (UTC) Received: (qmail 59278 invoked by uid 500); 1 Jul 2011 21:51:48 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 59102 invoked by uid 500); 1 Jul 2011 21:51:47 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 59074 invoked by uid 99); 1 Jul 2011 21:51:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jul 2011 21:51:47 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,NORMAL_HTTP_TO_IP,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of randall.leeds@gmail.com designates 209.85.214.180 as permitted sender) Received: from [209.85.214.180] (HELO mail-iw0-f180.google.com) (209.85.214.180) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jul 2011 21:51:40 +0000 Received: by iwn9 with SMTP id 9so6427598iwn.11 for ; Fri, 01 Jul 2011 14:51:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=ndm8OUO2sjCFIM/3Xbk4UtQYhR5Se0Rv9ixHN2BQXWE=; b=PeFEYMyTcPSjCzsLUjY3pcce92J5QnioBR8joVBmOGqsE4cLlccOpR8YIwc+oDE6tO V/QYPCvHCw5HlJuIzBH/uORTaP3VVnpI9FSsUB3sth8zy30RNkZWhTSyPV60rJetu6oX 9mOcR9rElbolb+fh9Vlj1p6UWDKuv59t2KRWc= MIME-Version: 1.0 Received: by 10.42.163.133 with SMTP id c5mr3713751icy.178.1309557079429; Fri, 01 Jul 2011 14:51:19 -0700 (PDT) Received: by 10.42.108.202 with HTTP; Fri, 1 Jul 2011 14:51:19 -0700 (PDT) In-Reply-To: <6E5EE7D2-2A09-4893-8110-1C3E2734F16D@mooseyard.com> References: <6E5EE7D2-2A09-4893-8110-1C3E2734F16D@mooseyard.com> Date: Fri, 1 Jul 2011 14:51:19 -0700 Message-ID: Subject: Re: Debugging 302/Unauthorized error From: Randall Leeds To: user@couchdb.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, Jun 23, 2011 at 11:01, Jens Alfke wrote: > > On Jun 23, 2011, at 8:26 AM, Martin Hewitt wrote: > > 7. Attempt a PUT of a design doc: > > curl -i -X PUT -d > "{\"one\":\"two\"}"=C2=A0http://testuser:testpassword@127.0.0.1:5984/test= user_database/_design/test/ > > 8. I get an error response: > HTTP/1.1 302 Moved Temporarily > Server: CouchDB/1.2.0a1075588 (Erlang OTP/R14B) > Location:=C2=A0http://127.0.0.1:5984/_utils/session.html?return=3D%2Fmart= in_test%2F_design%2Ftest&reason=3DName%20or%20password%20is%20incorrect. > > Slightly off-topic to the original question =E2=80=A6 but this seems like= an > inappropriate server response from an HTTP and API standpoint. > 1. The client is sending credentials using HTTP auth (basic or digest). I= f > the credentials are invalid the correct response is a 401 Unauthorized, n= ot > a redirect. The reasoning was that this response makes Futon much more friendly rather than relying on the browser's login dialogues. With "Accept: application/json" I think CouchDB does respond with a 401. > 2. The URL being redirected to is part of the Futon admin UI. This might = be > appropriate for an end-user interacting through a browser, but not for an > app. An app can use the content-type negotiation to receive the 401 and do its own behavior (redirect, show dialog, etc). Since JSON is the only official interface to CouchDB it's debatable that CouchDB should be doing anything other than a 400 for this request ;). > 3. The _utils directory isn=E2=80=99t present in all CouchDB installation= s; e.g. > mobile installs, so this redirect might go to a missing page. I think you still have a valid point. If Futon were making every request with XMLHTTPRequest it could handle a 401 in its own beautiful way without CouchDB's coddling. Perhaps this problem can go away with Futon2 which uses Sammyjs? Hopefully, others on the list know more about this issue than I do and will correct me if I'm wrong.