incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filipe David Manana <fdman...@apache.org>
Subject Re: redirection on authentification
Date Tue, 07 Dec 2010 12:22:36 GMT
On Tue, Dec 7, 2010 at 10:19 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
> Which is wrong if we follow the spec. "The response MUST include a
> WWW-Authenticate header field [..] [1] . It also introduce some bugs,
> try for example to create a database when not logged.
>
> The reason we use a 302 actually is for couchapps. I think we should
> change that behavior:
>
> 1. Provide appropriate HTTP response by default
> 2. Use the tricks of cookie auth (specific header) to let the
> CouchApps access to CouchDB. Something like "X-Auth-..." headre in the
> request that notify us we need to  send a response that will not
> raises the dialog box in browsers.

Benoît,

I'm not a CouchApps developer, so I'm not completely aware of all the
issues involved. Nevertheless, I support your idea.
The issue you describe is related to
https://issues.apache.org/jira/browse/COUCHDB-972 I think.

>
> Thoughts ?
>
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
>
>
> - benoît
>



-- 
Filipe David Manana,
fdmanana@gmail.com, fdmanana@apache.org

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."

Mime
View raw message