Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 83225 invoked from network); 1 Dec 2010 19:51:33 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 1 Dec 2010 19:51:33 -0000 Received: (qmail 3001 invoked by uid 500); 1 Dec 2010 19:51:32 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 2933 invoked by uid 500); 1 Dec 2010 19:51:32 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 2895 invoked by uid 99); 1 Dec 2010 19:51:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Dec 2010 19:51:32 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Dec 2010 19:51:32 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id oB1JpC0f015900 for ; Wed, 1 Dec 2010 19:51:12 GMT Message-ID: <18223684.53711291233072027.JavaMail.jira@thor> Date: Wed, 1 Dec 2010 14:51:12 -0500 (EST) From: "Benjamin Young (JIRA)" To: dev@couchdb.apache.org Subject: [jira] Commented: (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes In-Reply-To: <5508255.48491291219631924.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/COUCHDB-972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12965821#action_12965821 ] Benjamin Young commented on COUCHDB-972: ---------------------------------------- Important Note about option #1: Futon's JS doesn't currently send an Accept header, and so (if option #1 is implemented) would begin getting 302 responses rather than 401's which would break the private database notifications. Instead, the Futon would output the HTML from the destination of the 302. > Unauthorized requests with(out) Accept: */* get different status codes > ---------------------------------------------------------------------- > > Key: COUCHDB-972 > URL: https://issues.apache.org/jira/browse/COUCHDB-972 > Project: CouchDB > Issue Type: Bug > Components: Futon, HTTP Interface > Affects Versions: 1.0.1 > Reporter: Benjamin Young > Assignee: Filipe Manana > Priority: Minor > Original Estimate: 0h > Remaining Estimate: 0h > > Sending a GET request for any URL of private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page. > Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc). > The 401 code is the prefered response, but the 302 is in use to load the HTML/JS-based login forms in Futon. > The options I can see to fix this are: > 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific). > 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page. > 3. Return 401 and let the browsers HTTP Auth form handle the login process. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.