You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Paul Hammant (JIRA)" <ji...@apache.org> on 2015/12/23 01:42:46 UTC

[jira] [Created] (COUCHDB-2919) Redirect to hosted login (set cookie) redirect to referer

Paul Hammant created COUCHDB-2919:
-------------------------------------

             Summary: Redirect to hosted login (set cookie) redirect to referer
                 Key: COUCHDB-2919
                 URL: https://issues.apache.org/jira/browse/COUCHDB-2919
             Project: CouchDB
          Issue Type: Wish
          Components: HTTP Interface
            Reporter: Paul Hammant


Redirect is a common authentication mechanism. (http://paulhammant.com/2011/11/22/google-accounts-architectural-meaning/) A skinny design for CouchDB could be to allow a redirect from a site, set a cookie on success, then redirect back to a referrer URL. Subsequent XHR GETs/PUTs to CouchDB would use the cookie just fine.

in the configuration, as for CORS, CouchDB could allow a whitelist of allowed referrers for a redirected login experience.   Ask if you want me to explain more (sequence diagrams, etc).

Maybe a https://localhost:5984/_is_authenticated would help UIs determine whether a redirect should be offered to the end user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)