Hello, I've noticed that in all versions of Nuxeo > 5.2m3, restlets do not seem to challenge clients with HTTP basic properly. I initially thought that it may be a configuration change needed in my custom restlets, but I was able to duplicate it with the locking restlet delivered with Nuxeo. To reproduce:
1) login to a plain vanilla Nuxeo, create a file document, and not the file's docid. 2) Test the lock status in the browser by visiting: http://localhost:8080/nuxeo/restAPI/default/${docid}/Locking/status This seems to work just fine because your existing credentials are being used. 3) Open a different browser (or use curl/wget) and visit the same URL. In nuxeo 5.2.0m3, you are properly challenged for HTTP basic credentials (status 401). In 5.2.0m4 or 5.2.0RC1, you are sent a redirect (status 302) to the login page. Is this change intentional and I need to update some configuration file, or is it just a bug that needs fixing? If anyone has a workaround, I would be very grateful. Thanks, Mike
_______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
