[
https://issues.apache.org/jira/browse/COUCHDB-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153301#comment-13153301
]
Ari Najarian commented on COUCHDB-1175:
---------------------------------------
Hi folks,
I was shocked, and quite happy, to discover a thread that discusses the obscure
issue I'm having. This alone prompted me to sign up to the forum so I could
upvote this issue and watch it.
Like Marcello and Johannes, I'm trying to work on a secure couchapp, and am
coming up against the same problem. If I restrict access to a particular database
to authenticated readers only, then when anyone navigates to the design
document, they get a JSON response instead of a redirect.
Jason mentioned that the problem was insufficiently defined to move forward. As
I see it, the problem is quite simple: right now, one can either create a
couchapp that sits upon a database that anonymous users can access, OR they can
create a secure document repository that only non-browser clients can interact
with. However, there is no way to create a couchapp that interacts with a
secure database, as there's no way to authenticate the user if they hit up the
application.
I don't want anonymous users to be able to access the information in my
database through REST. I don't know a damned thing about HTTP headers,
responses or content-types. I'm hoping this is an easy fix that will be pushed
out to the internet soon. From the pros in this forum, any idea how long I may
have to wait to see this bug resolved?
> Improve content type negotiation for couchdb JSON responses
> -----------------------------------------------------------
>
> Key: COUCHDB-1175
> URL: https://issues.apache.org/jira/browse/COUCHDB-1175
> Project: CouchDB
> Issue Type: Improvement
> Affects Versions: 1.0.2
> Reporter: Robert Newson
> Priority: Blocker
> Fix For: 1.2
>
>
> Currently we ignore qvalues when negotiating between 'application/json' and
> 'text/plain' when returning JSON responses.
> Specifically, we test directly for 'application/json' or 'text/plain' in the
> Accept header. Different branches have different bugs, though. Trunk returns
> 'application/json' if 'application/json' is present at all, even if it's less
> preferred than 'text/plain' when qvalues are accounted for.
> We should follow the standard.
--
This message is automatically generated by JIRA.
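
The qvalue handling that the issue description asks for, as an added JavaScript illustration (not CouchDB's code; all function names are hypothetical). `naiveNegotiate` mirrors the presence check described for trunk, while `negotiate` ranks the two JSON response types by qvalue and by how specific the matching media range is.

```javascript
// Added illustration, not CouchDB source. Function names are hypothetical.
const OFFERS = ['application/json', 'text/plain']; // server preference order

// Behaviour the issue describes for trunk: any mention of application/json wins.
function naiveNegotiate(accept) {
  return /application\/json/.test(accept || '') ? 'application/json' : 'text/plain';
}

// Parse an Accept header into {range, q} entries; q defaults to 1.
function parseAccept(accept) {
  return accept.split(',').map(part => {
    const [range, ...params] = part.trim().split(';').map(s => s.trim());
    let q = 1;
    for (const p of params) {
      const m = /^q=([01](?:\.\d{0,3})?)$/i.exec(p);
      if (m) q = Math.min(1, parseFloat(m[1]));
    }
    return { range: range.toLowerCase(), q };
  }).filter(e => e.range);
}

// Exact type = 3, type/* = 2, */* = 1, no match = 0.
function specificity(range, offer) {
  if (range === offer) return 3;
  if (range === offer.split('/')[0] + '/*') return 2;
  return range === '*/*' ? 1 : 0;
}

// The q of an offer is the q of the most specific range that matches it.
function qualityOf(offer, entries) {
  let best = { spec: 0, q: 0 };
  for (const e of entries) {
    const spec = specificity(e.range, offer);
    if (spec > best.spec) best = { spec, q: e.q };
  }
  return best.q;
}

function negotiate(accept, offers = OFFERS) {
  if (!accept || !accept.trim()) return offers[0]; // no header: server default
  const entries = parseAccept(accept);
  let choice = null, bestQ = 0;
  for (const offer of offers) {
    const q = qualityOf(offer, entries);
    if (q > bestQ) { bestQ = q; choice = offer; } // ties keep server order
  }
  return choice; // null: nothing acceptable, caller answers 406
}
```
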