Hi all,

I'm starting to hate our authentication system. We now have an authentication system whose default behaviour is to answer to browsers or ajax calls, i.e. we redirect on failed login. The last change in cookie auth, for example, makes the API raise a 401 only when the fail parameter is given in the URI.

While this default behaviour may be good for some couchapps, I would prefer that the default behaviour be full HTTP behaviour, so we can consider couchdb as a full store. Also, this system doesn't work well in some couchapps either. So I propose to have this default HTTP behaviour:

- forbidden -> raise 403 and return a body
- unauthenticated -> raise 401 and return a body

And that's all. Redirection should, in my opinion, be something either forced in the settings or via a url param (or headers). It can be both. Although, I'm not sure why we have redirection here when we could have, depending on the Accept header, either a json or an html page.

Anyway, making this redirection something that must be forced is something I would like to introduce for 2.0x.

Thoughts?

- benoît
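Added example, not part of the original message and not CouchDB code: a minimal Python sketch of the proposed default, where a failed check returns 401 or 403 with a body chosen from the Accept header and a redirect happens only when a target is explicitly forced. The function names, the reason strings and the same-site check on the redirect target are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

def preferred_type(accept):
    """Pick JSON or HTML from an Accept header; JSON unless HTML ranks higher."""
    best, best_q = "application/json", 0.0
    for part in (accept or "").split(","):
        fields = [f.strip() for f in part.split(";")]
        if fields[0].lower() not in ("application/json", "text/html"):
            continue
        q = 1.0
        for f in fields[1:]:
            if f.lower().startswith("q="):
                try:
                    q = float(f[2:])
                except ValueError:
                    q = 0.0
        if q > best_q:
            best, best_q = fields[0].lower(), q
    return best

def is_local_path(target):
    """Added hardening (assumption): only same-site absolute paths may be targets."""
    parts = urlsplit(target)
    return (target.startswith("/") and not target.startswith("//")
            and "\\" not in target and not parts.scheme and not parts.netloc)

def auth_failure_response(authenticated, accept=None, redirect_to=None):
    """Return (status, headers, body) for a failed auth check.

    redirect_to stands for a target explicitly forced via settings, a URL
    parameter or a header; it is None by default, so the default is plain HTTP.
    """
    if redirect_to and is_local_path(redirect_to):
        return 302, {"Location": redirect_to}, ""
    status, error = (403, "forbidden") if authenticated else (401, "unauthorized")
    reason = ("You are not allowed to access this resource." if authenticated
              else "Authentication required.")  # constructed sample text
    ctype = preferred_type(accept)
    if ctype == "text/html":
        body = "<html><body><h1>%d %s</h1><p>%s</p></body></html>" % (status, error, reason)
    else:
        body = json.dumps({"error": error, "reason": reason})
    return status, {"Content-Type": ctype}, body
```

A forced target that is not a same-site path falls through to the plain 401/403 response instead of redirecting.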
