incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcello Nuccio <marcello.nuc...@gmail.com>
Subject Re: to CouchApp or not to CouchApp
Date Tue, 16 Aug 2011 16:52:58 GMT
But, by default, CouchDB does not send the WWW-Authenticate header,
and no one has asked to change this default.

Marcello

2011/8/16 Robert Newson <rnewson@apache.org>:
> a 401 response MUST include a WWW-Authenticate header, this causes an
> unstylable modal dialog box on all browsers (the HTML you want to send
> will not matter).
>
> This is why we cannot do as you suggest.
>
> B.
>
> On 16 August 2011 17:45, Marcello Nuccio <marcello.nuccio@gmail.com> wrote:
>> 2011/8/16 Jens Alfke <jens@couchbase.com>:
>>>
>>> On Aug 16, 2011, at 9:16 AM, Marcello Nuccio wrote:
>>>
>>>> Ignoring for an instant that this is hard to implement, as Jason says.
>>>> What is the problem if I send an HTML response, if the requested
>>>> resource is HTML?
>>>
>>> Because if the client requesting the HTML is not a user-facing web browser, the
302 is the wrong response, because the client won’t know what to do with the resulting login
form (unless it does screen-scraping.) I’ve already run into this in implementing my CouchCocoa
framework.
>>
>>
>> I am not saying to respond with 302. I am saying:
>>
>>  - ALWAYS respond with 401
>>  - IF the Accept header says "text/html" is a valid response AND the
>> requested resource is of type "text/html", THEN send HTML in the body
>> of the response, ELSE send JSON.
>>
>> Never send 302 instead of 401.
>> Never send HTML if not "accepted" by the client and it is the type of
>> the requested resource.
>>
>> Why is this not standard compliant?
>>
>> Marcello
>>
>

Mime
View raw message