couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: auth in url funnies
Date Fri, 22 Mar 2013 13:05:41 GMT
That's by design. In 1.2.0 you can only see your own user document.

B.

On 22 March 2013 13:03, svilen <az@svilendobrev.com> wrote:
> g'day
> i am playing with the plain user:psw auth in url, and it gives funny
> results. at least to me.. (couchdb 1.2.0 in latest ubuntu)
>
> i register some user, say name=a/psw=b.
>
> with auth:
> $ curl GET http://a:b@/_users/org.couchdb.user:a
> is fine
>
> without auth:
> $ curl GET http://_users/org.couchdb.user:a
> returns 404 {"error":"not_found","reason":"missing"}
>
> now with auth, but in browsers:
>  - opera http://a:b@/_users/org.couchdb.user:a works
>  - firefox http://a:b@/_users/org.couchdb.user:a warns about "server not
>  needing authentication".. and strips the usr/psw yielding 404
>  - iexplorer - 404 - strips unconditionaly
>
> is this something that is expected to be so?
> maybe the error can be changed (to 401) ?
>
> i don't know that part about the "server not needing authentication" ..
> maybe something in the headers ? or some config of couch_httpd_auth ?
>
> ciao
> svilen

Mime
View raw message