reassign 600169 couchdb
retitle 600169 couchdb missing WWW-Authentication HTTP header
thanks
Seems like a couchdb bug.
Full-quoting for couchdb's maintainers usage:
On Thu, 14 Oct 2010 04:33:23 -0400, Jason Woofenden wrote:
First, note that CouchDB seems to only support the Basic HTTP
authentication method:
$
FUTON_URL=http://username:passw...@localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/;
$ curl --digest $FUTON_URL {error:unauthorized,reason:Authentication
required.} $ curl --ntlm $FUTON_URL
{error:unauthorized,reason:Authentication required.}
$ curl --negotiate $FUTON_URL
{error:unauthorized,reason:Authentication required.}
$ curl --basic $FUTON_URL
!DOCTYPE html
[...]
Then see that there's no WWW-Authenticate header telling which authentication
method to use:
$ wget -S
http://localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/; -O -
--2010-10-14 04:01:37-- http://localhost:42837/util/ Resolving
localhost... ::1, 127.0.0.1 Connecting to localhost|::1|:42837... failed:
Connection refused. Connecting to localhost|127.0.0.1|:42837... connected.
HTTP request sent, awaiting response...
HTTP/1.0 401 Unauthorized
Server: CouchDB/0.11.0 (Erlang OTP/R14B)
Date: Thu, 14 Oct 2010 08:01:37 GMT
Content-Type: text/plain;charset=utf-8
Content-Length: 61
Connection: Keep-Alive
Cache-Control: must-revalidate
Authorization failed.
zsh: exit 6 wget -S
http://localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/
Here's what it looks like in a few clients:
Chromium: warning message about possible trickery, then unauthorized
IceWeasel: warning message about no authorization requested by server, then
unauthorized
curl: fails unless you pass --basic
wget: fails unless you pass --auth-no-challenge
Midory: fails because it only tries ipv6. But if you use 127.0.0.1 instead of
localhost, it says unauthorized.
I'm pretty sure all it would take to fix this is to get desktopcouch to send
the WWW-Authentication: Basic [...] header
Thank you all, - Jason
--
. ''`. Debian developer | http://wiki.debian.org/DavidPaleino
: :' : Linuxer #334216 --|-- http://www.hanskalabs.net/
`. `'` GPG: 1392B174 | http://deb.li/dapal
`- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
signature.asc
Description: PGP signature