couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcello Nuccio <marcello.nuc...@gmail.com>
Subject Re: /_session doesn't respond correctly to missing authorization
Date Fri, 11 Nov 2011 09:05:08 GMT
There's already a ticket: https://issues.apache.org/jira/browse/COUCHDB-1175

Marcello ;-)


2011/11/11 Jason Smith <jhs@iriscouch.com>:
> On Fri, Nov 11, 2011 at 7:46 AM, Jens Alfke <jens@couchbase.com> wrote:
>> CouchDB’s _session endpoint is violating the HTTP 1.1 spec in the way it responds
when not given a valid username/password.
>>
>> Here’s what RFC 2616 says:
>>> 10.4.2 401 Unauthorized
>>> The request requires user authentication. The response MUST include a WWW-Authenticate
header field (section 14.47) containing a challenge applicable to the requested resource.
>
> Interesting. What is the link to the JIRA ticket you created about this? :p
>
> You can work around this in the meantime by setting whatever header
> value you want in /_config/httpd/WWW-Authenticate. It will appear in
> your 401s.
>
> --
> Iris Couch
>

Mime
View raw message