Unauthorized requests with(out) Accept: */* get different status codes
----------------------------------------------------------------------

                 Key: COUCHDB-972
                 URL: https://issues.apache.org/jira/browse/COUCHDB-972
             Project: CouchDB
          Issue Type: Bug
          Components: Futon, HTTP Interface
    Affects Versions: 1.0.1
            Reporter: Benjamin Young
            Priority: Minor


Sending a GET request without an Accept header set returns a 302 Found status 
which redirects to Futon's login page.

Sending a GET request with an Accept: */* (which is conceptually the same) 
returns a 401 (as does setting Accept to anything else: application/json, etc).

The 401 code is the preferred response, but the 302 is in use to load the 
HTML/JS-based login forms in Futon.

The options I can see to fix this are:
1. Return 302 if Accept is set to */*, but return 401 for application/json (and 
possibly anything more specific).
2. Return 401 and load the Futon login page/system as the response body--some 
browsers/clients may still load the HTTP Auth form in addition to the HTML one 
in the body of the page.
3. Return 401 and let the browser's HTTP Auth form handle the login process.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
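
A regression check for the inconsistency reported above, as an added example that is not part of the original report and is not CouchDB code. It probes one path with no Accept header, with `*/*` and with `application/json`, and reports whether the status codes agree. The local stub server, the function names, the `/protected_db` path and the `/login-placeholder` redirect target are all constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in that mimics the reported behaviour."""
    def do_GET(self):
        if self.headers.get("Accept") is None:
            self.send_response(302)  # no Accept header: redirect to login
            self.send_header("Location", "/login-placeholder")
        else:
            self.send_response(401)  # any Accept value, including */*
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the stub quiet
        pass

def probe(host, port, path, accept=None):
    """Unauthenticated GET; http.client adds no Accept header of its own."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        headers = {} if accept is None else {"Accept": accept}
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def compare_accept_variants(host, port, path,
                            variants=(None, "*/*", "application/json")):
    results = {v: probe(host, port, path, v) for v in variants}
    return results, len({status for status, _ in results.values()}) == 1

def run_against_stub():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return compare_accept_variants("127.0.0.1", server.server_address[1],
                                       "/protected_db")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    results, consistent = run_against_stub()
    for accept, (status, location) in results.items():
        print(f"Accept={accept!r:20} -> {status} {location or ''}")
    print("consistent:", consistent)
```

To check a real instance, call `compare_accept_variants` with its host, port and a path that requires authentication; a `False` second value means the Accept header changes the unauthorized response.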