incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 16:48:46 GMT
a 401 response MUST include a WWW-Authenticate header, this causes an
unstylable modal dialog box on all browsers (the HTML you want to send
will not matter).

This is why we cannot do as you suggest.

B.

On 16 August 2011 17:45, Marcello Nuccio <marcello.nuccio@gmail.com> wrote:
> 2011/8/16 Jens Alfke <jens@couchbase.com>:
>>
>> On Aug 16, 2011, at 9:16 AM, Marcello Nuccio wrote:
>>
>>> Ignoring for an instant that this is hard to implement, as Jason says.
>>> What is the problem if I send an HTML response, if the requested
>>> resource is HTML?
>>
>> Because if the client requesting the HTML is not a user-facing web browser, the 302
is the wrong response, because the client won’t know what to do with the resulting login
form (unless it does screen-scraping.) I’ve already run into this in implementing my CouchCocoa
framework.
>
>
> I am not saying to respond with 302. I am saying:
>
>  - ALWAYS respond with 401
>  - IF the Accept header says "text/html" is a valid response AND the
> requested resource is of type "text/html", THEN send HTML in the body
> of the response, ELSE send JSON.
>
> Never send 302 instead of 401.
> Never send HTML if not "accepted" by the client and it is the type of
> the requested resource.
>
> Why is this not standard compliant?
>
> Marcello
>

Mime
View raw message