incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: redirection on authentification
Date Tue, 07 Dec 2010 10:38:54 GMT
On Tue, Dec 7, 2010 at 11:28 AM, Robert Newson <robert.newson@gmail.com> wrote:
> We do this on purpose (to prevent browsers prompting for credentials
> in a dialog box) but you can include a custom request header to get
> the WWW-Authenticate response header.

Yes.. What I said. Introducing wrong HTTP response is plainly wrong.
Especially in a database with a REST api.

>
> If you add a header called X-CouchDB-WWW-Authenticate then the value
> of that header is returned, verbatim, in WWW-Authenticate if
> authentication fails.

That's not what I mean.  I mean that we could detect authentication
from js and send a different header (401, but no WWW-Header) if not
authenticated. We already do that for cookie auth btw for same
purpose.

- benoit

Mime
View raw message