incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <>
Subject WWW-Authenticate behavior has gotten worse in 1.4
Date Wed, 09 Oct 2013 17:31:31 GMT
CouchDB’s always has the problem/feature that by default it returns 401 responses without
the required “WWW-Authenticate” header. This pretty much disables HTTP Basic auth since
the client doesn’t know what kind of auth to use or what realm to look up credentials for.
Fortunately you can add a “WWW-Authenticate” key to the [httpd] section of the config
file to enable this response header.

This no longer seems to be working in CouchDB 1.4. When the server starts up it lowercases
the key name, turning it into “www-authenticate”, which isn’t recognized. Worse, it
_rewrites_ the config file with the incorrect name. The only way to set this config value
properly is to do it at runtime via Futon or the REST _config API, but the change doesn’t
persist, so it has to be done after every launch.

I filed COUCHDB-1479 on this a year+ ago, but it’s gotten worse with 1.4. It used to be
that you could hand-edit the config file with the uppercase key and it would persist; but
in 1.4 it immediately gets lowercased. Any ideas on whether there’s a way to work around

View raw message