incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: redirection on authentification
Date Tue, 07 Dec 2010 13:02:47 GMT
damn. Some typos. Here is better text

 Hi all,

I'm experimenting problem with the current method used when
authentication fail. If you pass  authentication headers you are
redirected to an html page asking for credentials. So technically we
do :

 401 -> 302 -> 200

Which is wrong if we follow the spec. "The response MUST include a
WWW-Authenticate header field [..] [1] . It also introduce some bugs,
try for example to create a database when not logged.

 The reason we use a 302 actually is for couchapps. I think we should
change that behavior:

1. Provide appropriate HTTP response by default
2. Use the tricks of cookie auth (specific header) to let the
CouchApps access to CouchDB. Something like "X-Auth-..." header in the
request that notify us we need to send a response that will not
raises the dialog box in browsers.

Thoughts ?

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2

 - benoƮt

Mime
View raw message