Posted to dev@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2013/06/30 07:11:20 UTC
[jira] [Closed] (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes
[ https://issues.apache.org/jira/browse/COUCHDB-972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Shorin closed COUCHDB-972.
------------------------------------
Resolution: Fixed
Fix Version/s: 1.2
> Sending a GET request for any URL of private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page.
$ curl -v -XGET http://10.5.0.75:5984/_config -H "Accept:"
* About to connect() to 10.5.0.75 port 5984 (#0)
* Trying 10.5.0.75...
* Adding handle: conn: 0x2232fd0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x2232fd0) send_pipe: 1, recv_pipe: 0
* Connected to 10.5.0.75 (10.5.0.75) port 5984 (#0)
> GET /_config HTTP/1.1
> User-Agent: curl/7.30.0
> Host: 10.5.0.75:5984
>
< HTTP/1.1 401 Unauthorized
* Server CouchDB/1.2.2 (Erlang OTP/R15B03) is not blacklisted
< Server: CouchDB/1.2.2 (Erlang OTP/R15B03)
< Date: Sun, 30 Jun 2013 04:21:11 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 64
< Cache-Control: must-revalidate
<
{"error":"unauthorized","reason":"You are not a server admin."}
* Connection #0 to host 10.5.0.75 left intact
Looks like it was fixed in [03ede5b|https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commit;h=03ede5b036c48d0a212fac033cd90e5b041913ad]
> Unauthorized requests with(out) Accept: */* get different status codes
> ----------------------------------------------------------------------
>
> Key: COUCHDB-972
> URL: https://issues.apache.org/jira/browse/COUCHDB-972
> Project: CouchDB
> Issue Type: Bug
> Components: Futon, HTTP Interface
> Affects Versions: 1.0.1
> Reporter: Benjamin Young
> Assignee: Filipe Manana
> Priority: Minor
> Fix For: 1.2
>
> Original Estimate: 0h
> Remaining Estimate: 0h
>
> Sending a GET request for any URL of private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page.
> Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc).
> The 401 code is the preferred response, but the 302 is in use to load the HTML/JS-based login forms in Futon.
> The options I can see to fix this are:
> 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific).
> 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page.
> 3. Return 401 and let the browser's HTTP Auth form handle the login process.
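Added example (not part of the original JIRA message or the CouchDB code base): a regression check for the behaviour reported above. It sends unauthenticated GETs with no Accept header, with `*/*` and with `application/json`, and requires a 401 for all three. The stub server, its `legacy` switch and the `/placeholder-login` redirect target are constructed for illustration so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Accept variants from the report: header absent, */*, application/json.
ACCEPT_VARIANTS = [None, "*/*", "application/json"]

def probe(host, port, path="/_config"):
    """Return {accept_value: status} for unauthenticated GETs to path."""
    results = {}
    for accept in ACCEPT_VARIANTS:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        headers = {} if accept is None else {"Accept": accept}
        # http.client adds no Accept header itself and never follows redirects.
        conn.request("GET", path, headers=headers)
        results[accept] = conn.getresponse().status
        conn.close()
    return results

def is_consistent(results):
    """True only when every variant was refused with 401."""
    return all(status == 401 for status in results.values())

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server; legacy=True mimics the reported 302."""
    legacy = True
    def do_GET(self):
        if self.legacy and self.headers.get("Accept") is None:
            self.send_response(302)
            self.send_header("Location", "/placeholder-login")  # constructed value
        else:
            self.send_response(401)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the stub quiet

def run_against_stub(legacy):
    """Start the stub on a free local port, probe it, and shut it down."""
    handler = type("Handler", (StubHandler,), {"legacy": legacy})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for legacy in (True, False):
        r = run_against_stub(legacy)
        print("legacy" if legacy else "fixed", r, "consistent:", is_consistent(r))
```

To run the same check against a real instance, call `probe()` with its host and port instead of `run_against_stub()`.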