couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <...@iriscouch.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 14:54:30 GMT
On Tue, Aug 16, 2011 at 9:30 PM, Marcello Nuccio
<marcello.nuccio@gmail.com> wrote:
> Since sketch.png is available only as "image/png", Apache responds
> with "image/png" even if "image/jpeg" is preferred according to the
> Accept header.
>
>>> This is what I do if the user is authenticated, and I see no reason
>>> for not doing it when the response is a 401.
>>
>> i don't follow. how it is related?
>
>
> I ask to apply the same logic whatever the status code of the
> response. If when the response is "200 OK" the content-type is
> "text/html", then why not respond with the same content-type for a
> "401 Unauthorized" response?
>
> Obviously the content will be different (an html login form for the 401).

Did you see my previous two emails? Quick summary:

1. That is not the standard. IMHO, if CouchDB should change, it should
change toward the standard.
2. Regardless of #1, it is hard to implement. The example of a public
image is not the question. The question is you request *something* but
you do not have permission. How should Couch respond? To me, the
answer is becoming very clear: obey the client Accept header. If the
client explicitly asks for HTML, send a 302 bounce; otherwise send 401
JSON. If that breaks futon or some applications, we can fix those
as-needed once and for all.

-- 
Iris Couch

Mime
View raw message