Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4F203896C for ; Tue, 16 Aug 2011 17:06:06 +0000 (UTC) Received: (qmail 4644 invoked by uid 500); 16 Aug 2011 17:06:04 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 4590 invoked by uid 500); 16 Aug 2011 17:06:03 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 4582 invoked by uid 99); 16 Aug 2011 17:06:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Aug 2011 17:06:03 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of scott.shattuck@gmail.com designates 209.85.160.180 as permitted sender) Received: from [209.85.160.180] (HELO mail-gy0-f180.google.com) (209.85.160.180) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Aug 2011 17:05:57 +0000 Received: by gyc15 with SMTP id 15so126610gyc.11 for ; Tue, 16 Aug 2011 10:05:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=dCYpSdkr0pIizYHTz9aRsXS28QhQWvN9uxDykoL5VMc=; b=yETpPU/Ac7PLY+/eqhZ0WuHCpxQei5IIAUA8NkiQ/BHyc/yF++6Pg9N1P6tibc60PW 8/TbRHR59m3QrV3yejUjmlRRgVntqpEJgwm1Nsr4MBxcOZGn8r8QUALZcCYqUqAcH9Q5 /xylE2DU+EHihP1SMAG39wfir9O1v/SREbcQo= MIME-Version: 1.0 Received: by 10.150.194.10 with SMTP id r10mr50163ybf.318.1313514336709; Tue, 16 Aug 2011 10:05:36 -0700 (PDT) Received: by 10.150.201.9 with HTTP; Tue, 16 Aug 2011 10:05:36 -0700 (PDT) In-Reply-To: References: <4E371B93.8060303@kearns.net.au> Date: Tue, 16 Aug 2011 11:05:36 -0600 Message-ID: Subject: Re: to CouchApp or not to CouchApp From: Scott Shattuck To: user@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 On Tue, Aug 16, 2011 at 10:48 AM, Robert Newson wrote: > a 401 response MUST include a WWW-Authenticate header, this causes an > unstylable modal dialog box on all browsers (the HTML you want to send > will not matter). > > This is why we cannot do as you suggest. I'm new to the list and somewhat new to this discussion so I may be off in the weeds here but if I can recap: You're arguing that CouchDB should explicitly do something non-standard based on presumptions about the nature and capabilities of a specific type of client. Not only would CouchDB be making the presumption that it's a "browser" of current capability but also assuming that the request isn't being made via XMLHttpRequest such that the client code might process the 401 in its own fashion/with its own UI. I'd suggest that neither of these assumptions seem to be in keeping with "best practices" in terms of allowing the web/browser landscape to evolve in a positive direction. Developers should be able to count on a standards-compliant server. Browsers are a known weak spot in the web and we've been working around their shortcomings for a decade. I think most client developers assume that will continue to be true for quite some time. Making the server less compliant only makes it worse. Again, I'm new here so I'm very open to being educated on the rest of the issues. But, modal dialog pain or not, I'd still argue for a 401 if the server's sense of reality is the client is "Unauthorized". ss