You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Ari Najarian (Commented) (JIRA)" <ji...@apache.org> on 2011/11/19 02:11:51 UTC

[jira] [Commented] (COUCHDB-1175) Improve content type negotiation for couchdb JSON responses

    [ https://issues.apache.org/jira/browse/COUCHDB-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153301#comment-13153301 ] 

Ari Najarian commented on COUCHDB-1175:
---------------------------------------

Hi folks,

I was shocked, and quite happy, to discover a thread that discusses the obscure issue I'm having. This alone prompted me to sign up to the forum so I could upvote this issue and watch it.

Like Marcello and Johannes, I'm trying to work on a secure couchapp, and am coming up against the same problem. If I restrict access to particular database to authenticated readers only, then when anyone navigates to the design document, they get a JSON response instead of a redirect.

Jason mentioned that the problem was insufficiently defined to move forward. As I see it, the problem is quite simple : right now, one can either create a couchapp that sits upon a database that anonymous users can access, OR they can create a secure document repository that only non-browser clients can interact with. However, there is no way to create a couchapp that interacts with a secure database, as there's no way to authenticate the user if they hit up the application.

I don't want anonymous users to be able to access the information in my database through REST. I don't know a damned thing about HTTP headers, responses or content-types. I'm hoping this is an easy fix that will be pushed out to the internet soon. From the pros in this forum, any idea how long I may have to wait to see this bug resolved?
                
> Improve content type negotiation for couchdb JSON responses
> -----------------------------------------------------------
>
>                 Key: COUCHDB-1175
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1175
>             Project: CouchDB
>          Issue Type: Improvement
>    Affects Versions: 1.0.2
>            Reporter: Robert Newson
>            Priority: Blocker
>             Fix For: 1.2
>
>
> Currently we ignore qvalues when negotiation between 'application/json' and 'text/plain' when returning JSON responses.
> Specifically, we test directly for 'application/json' or 'text/plain' in the Accept header. Different branches have different bugs, though. Trunk returns 'application/json' if 'application/json' is present at all, even if it's less preferred than 'text/plain' when qvalues are accounted for.
> We should follow the standard.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira