You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by jc...@apache.org on 2010/07/25 20:16:54 UTC

svn commit: r979083 - in /couchdb/branches/1.0.x: etc/couchdb/local.ini src/couchdb/couch_httpd.erl

Author: jchris
Date: Sun Jul 25 18:16:54 2010
New Revision: 979083

URL: http://svn.apache.org/viewvc?rev=979083&view=rev
Log:
send a basic-auth popup header if require_valid_user=true, to prevent lock-out

Modified:
    couchdb/branches/1.0.x/etc/couchdb/local.ini
    couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl

Modified: couchdb/branches/1.0.x/etc/couchdb/local.ini
URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/etc/couchdb/local.ini?rev=979083&r1=979082&r2=979083&view=diff
==============================================================================
--- couchdb/branches/1.0.x/etc/couchdb/local.ini (original)
+++ couchdb/branches/1.0.x/etc/couchdb/local.ini Sun Jul 25 18:16:54 2010
@@ -14,7 +14,9 @@
 ;WWW-Authenticate = Basic realm="administrator"
 
 [couch_httpd_auth]
-; if you set this to true, you should also uncomment the WWW-Authenticate line above
+; If you set this to true, you should also uncomment the WWW-Authenticate line
+; above. If you don't configure a WWW-Authenticate header, CouchDB will send
+; Basic realm="server" in order to prevent you getting logged out.
 ; require_valid_user = false
 
 [log]

Modified: couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl?rev=979083&r1=979082&r2=979083&view=diff
==============================================================================
--- couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl (original)
+++ couchdb/branches/1.0.x/src/couchdb/couch_httpd.erl Sun Jul 25 18:16:54 2010
@@ -750,7 +750,8 @@ error_headers(#httpd{mochi_req=MochiReq}
                     AuthRedirect ->
                         case couch_config:get("couch_httpd_auth", "require_valid_user", "false") of
                         "true" ->
-                            {Code, []};
+                            % send the browser popup header no matter what if we are require_valid_user
+                            {Code, [{"WWW-Authenticate", "Basic realm=\"server\""}]};
                         _False ->
                             % if the accept header matches html, then do the redirect. else proceed as usual.
                             case re:run(MochiReq:get_header_value("Accept"), "html", [{capture, none}]) of