couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <>
Subject Re: /_session doesn't respond correctly to missing authorization
Date Fri, 11 Nov 2011 01:10:54 GMT
On Fri, Nov 11, 2011 at 7:46 AM, Jens Alfke <> wrote:
> CouchDB’s _session endpoint is violating the HTTP 1.1 spec in the way it responds when
not given a valid username/password.
> Here’s what RFC 2616 says:
>> 10.4.2 401 Unauthorized
>> The request requires user authentication. The response MUST include a WWW-Authenticate
header field (section 14.47) containing a challenge applicable to the requested resource.

Interesting. What is the link to the JIRA ticket you created about this? :p

You can work around this in the meantime by setting whatever header
value you want in /_config/httpd/WWW-Authenticate. It will appear in
your 401s.

Iris Couch

View raw message