You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/03/30 22:46:44 UTC

[GitHub] [couchdb] hawkrdg commented on issue #2730: 403 accessing _users

hawkrdg commented on issue #2730: 403 accessing _users
URL: https://github.com/apache/couchdb/issues/2730#issuecomment-606291265

I should note that I am running https on the server but this should not matter one way or the other.

the simplest test - fauxton - login as server admin, open a new browser tab and try https://couchurl:6984/_users/org.couchdb.user:someusername - this works 200 in devtools
logout of fauxton and log back in as someusername, go back to the other tab and refresh
http://couchurl:6984/_users/org.couchdb.user:someusername - this doesn't work - 403 in devtools
logout of fauxton and log back in as a server admin, go back to the other tab and refresh
http://couchurl:6984/_users/org.couchdb.user:someusername - this works 200 in devtools

I can't resolve this and don't understand closing it. I am SUPPOSED to be able to get my own user record, just like in v2.x where it worked just fine. I have tested this using curl and using my angular http couch wrapper. Still fails and the new docs don't cover this. Is this a design change that only server admins can access any part of _users - sure makes it hard for a user to change their password.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

With regards,
Apache Git Services