incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randall Leeds <randall.le...@gmail.com>
Subject Re: Debugging 302/Unauthorized error
Date Fri, 01 Jul 2011 21:51:19 GMT
On Thu, Jun 23, 2011 at 11:01, Jens Alfke <jens@mooseyard.com> wrote:
>
> On Jun 23, 2011, at 8:26 AM, Martin Hewitt wrote:
>
> 7. Attempt a PUT of a design doc:
>
> curl -i -X PUT -d
> "{\"one\":\"two\"}" http://testuser:testpassword@127.0.0.1:5984/testuser_database/_design/test/
>
> 8. I get an error response:
> HTTP/1.1 302 Moved Temporarily
> Server: CouchDB/1.2.0a1075588 (Erlang OTP/R14B)
> Location: http://127.0.0.1:5984/_utils/session.html?return=%2Fmartin_test%2F_design%2Ftest&reason=Name%20or%20password%20is%20incorrect.
>
> Slightly off-topic to the original question … but this seems like an
> inappropriate server response from an HTTP and API standpoint.
> 1. The client is sending credentials using HTTP auth (basic or digest). If
> the credentials are invalid the correct response is a 401 Unauthorized, not
> a redirect.

The reasoning was that this response makes Futon much more friendly
rather than relying on the browser's login dialogues.
With "Accept: application/json" I think CouchDB does respond with a 401.

> 2. The URL being redirected to is part of the Futon admin UI. This might be
> appropriate for an end-user interacting through a browser, but not for an
> app.

An app can use the content-type negotiation to receive the 401 and do
its own behavior (redirect, show dialog, etc).
Since JSON is the only official interface to CouchDB it's debatable
that CouchDB should be doing anything other than a 400 for this
request ;).

> 3. The _utils directory isn’t present in all CouchDB installations; e.g.
> mobile installs, so this redirect might go to a missing page.

I think you still have a valid point. If Futon were making every
request with XMLHTTPRequest it could handle a 401 in its own beautiful
way without CouchDB's coddling.
Perhaps this problem can go away with Futon2 which uses Sammyjs?

 Hopefully, others on the list know more about this issue than I do
and will correct me if I'm wrong.

Mime
View raw message