incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 16:23:06 GMT

On Aug 16, 2011, at 9:06 AM, Robert Newson wrote:

Talk of 'following the standard' while preserving the behavior of
returning a 302 for an unauthorized request is contradictory. We're
deliberately not following the standard 401 response here because the
universal user agent behavior we'd get is unpalatable.

Yeah, this is a hack. It’s mixing up ‘CouchDB as REST data store’ with ‘CouchDB as
web-app server’. Returning a 302 might be appropriate at an application layer, but it’s
absolutely not at the REST/database layer.

Using the browser Accept header to determine behavior seems like the wrong thing to do, as
it’s only tenuously connected to the actual database/app dichotomy. (What if I’m asking
the database to fetch an attachment whose type is known to be text/html?)

Couldn’t the CouchApp define some kind of handler to be called in case of unauthorized access,
and that handler could then decide to return a 302?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message