incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Shattuck <scott.shatt...@gmail.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 17:05:36 GMT
On Tue, Aug 16, 2011 at 10:48 AM, Robert Newson <rnewson@apache.org> wrote:
> a 401 response MUST include a WWW-Authenticate header, this causes an
> unstylable modal dialog box on all browsers (the HTML you want to send
> will not matter).
>
> This is why we cannot do as you suggest.

I'm new to the list and somewhat new to this discussion so I may be
off in the weeds here but if I can recap:

You're arguing that CouchDB should explicitly do something
non-standard based on presumptions about the nature and capabilities
of a specific type of client.

Not only would CouchDB be making the presumption that it's a "browser"
of current capability but also assuming that the request isn't being
made via XMLHttpRequest such that the client code might process the
401 in its own fashion/with its own UI.

I'd suggest that neither of these assumptions seem to be in keeping
with "best practices" in terms of allowing the web/browser landscape
to evolve in a positive direction. Developers should be able to count
on a standards-compliant server. Browsers are a known weak spot in the
web and we've been working around their shortcomings for a decade. I
think most client developers assume that will continue to be true for
quite some time. Making the server less compliant only makes it worse.

Again, I'm new here so I'm very open to being educated on the rest of
the issues. But, modal dialog pain or not, I'd still argue for a 401
if the server's sense of reality is the client is "Unauthorized".

ss

Mime
View raw message