Posted to dev@couchdb.apache.org by "Benjamin Young (JIRA)" <ji...@apache.org> on 2010/12/01 17:15:12 UTC

[jira] Updated: (COUCHDB-972) Unauthorized requests with(out) Accept: */* get different status codes

     [ https://issues.apache.org/jira/browse/COUCHDB-972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Young updated COUCHDB-972:
-----------------------------------

    Description: 
Sending a GET request for any URL of a private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page.

Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc).

The 401 code is the preferred response, but the 302 is in use to load the HTML/JS-based login forms in Futon.

The options I can see to fix this are:
1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific).
2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page.
3. Return 401 and let the browser's HTTP Auth form handle the login process.

  was:
Sending a GET request without an Accept header set returns a 302 Found status which redirects to the Futon's login page.

Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc).

The 401 code is the preferred response, but the 302 is in use to load the HTML/JS-based login forms in Futon.

The options I can see to fix this are:
1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific).
2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page.
3. Return 401 and let the browser's HTTP Auth form handle the login process.


> Unauthorized requests with(out) Accept: */* get different status codes
> ----------------------------------------------------------------------
>
>                 Key: COUCHDB-972
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-972
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon, HTTP Interface
>    Affects Versions: 1.0.1
>            Reporter: Benjamin Young
>            Priority: Minor
>
> Sending a GET request for any URL of a private/secured database without an Accept header set returns a 302 Found status which redirects to the Futon's login page.
> Sending a GET request with an Accept: */* (which is conceptually the same) returns a 401 (as does setting Accept to anything else: application/json, etc).
> The 401 code is the preferred response, but the 302 is in use to load the HTML/JS-based login forms in Futon.
> The options I can see to fix this are:
> 1. Return 302 if Accept is set to */*, but return 401 for application/json (and possibly anything more specific).
> 2. Return 401 and load the Futon login page/system as the response body--some browsers/clients may still load the HTTP Auth form in addition to the HTML one in the body of the page.
> 3. Return 401 and let the browser's HTTP Auth form handle the login process.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
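
Option 1 from the description, sketched next to the behaviour the report describes, as an added example (not CouchDB code and not part of the original message): a missing Accept header is normalised to */* so both forms get the same status. The function names and the sample header values are assumptions made for illustration.

```python
from typing import List, Optional, Tuple

def parse_accept(header: Optional[str]) -> List[Tuple[str, float]]:
    """Split an Accept value into (media_range, q) pairs.

    A missing or empty header is normalised to */*, which is the
    equivalence the report relies on.
    """
    if header is None or not header.strip():
        return [("*/*", 1.0)]
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0]:
            continue
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    pass  # malformed q: keep the default weight
        ranges.append((parts[0].lower(), q))
    return ranges

def reported_status(accept: Optional[str]) -> int:
    """Behaviour described in the report: only a missing header gets 302."""
    return 302 if accept is None else 401

def option1_status(accept: Optional[str]) -> int:
    """Option 1: 302 for */* (or no header), 401 for anything more specific."""
    acceptable = [m for m, q in parse_accept(accept) if q > 0]
    if acceptable and all(m == "*/*" for m in acceptable):
        return 302
    return 401

def inconsistent(decide) -> bool:
    """True if a missing header and */* get different status codes."""
    return decide(None) != decide("*/*")

# Constructed sample headers, not taken from the ticket.
SAMPLES = [None, "*/*", "*/*;q=0.8", "application/json", "text/html, */*;q=0.1"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), reported_status(h), option1_status(h))
```

Under this strict reading of option 1, a header that names text/html ahead of */* also gets 401, because it is more specific than */*.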