Trying to debug why the configuration option `authentication_redirect` stopped working in CouchDB-1.1, I have finally nailed it down to a simple use-case.
You can reproduce it with the following commands (assuming you have set up an admin user with name "admin" and password "pass"):

    $ curl -X PUT 'http://admin:pass@localhost:5984/testauth'
    {"ok":true}

    $ cat security.json
    {"admins":{"names":["boutique"],"roles":[]},"readers":{"names":[],"roles":["azienda"]}}

    $ curl -X PUT 'http://admin:pass@localhost:5984/testauth/_security' -d @security.json -H 'Content-Type: application/json; charset=UTF-8'
    {"ok":true}

    $ curl -D- 'http://admin:pass@localhost:5984/testauth'
    HTTP/1.1 200 OK
    Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
    Date: Fri, 17 Jun 2011 11:56:32 GMT
    Content-Type: text/plain;charset=utf-8
    Content-Length: 215
    Cache-Control: must-revalidate

    {"db_name":"testauth","doc_count":0,"doc_del_count":0,"update_seq":1,"purge_seq":0,"compact_running":false,"disk_size":4171,"instance_start_time":"1308310604678421","disk_format_version":5,"committed_update_seq":1}

    $ curl -D- 'http://localhost:5984/testauth'
    HTTP/1.1 401 Unauthorized
    Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
    Date: Fri, 17 Jun 2011 11:56:44 GMT
    Content-Type: text/plain;charset=utf-8
    Content-Length: 78
    Cache-Control: must-revalidate

    {"error":"unauthorized","reason":"You are not authorized to access this db."}

    $ curl -D- 'http://localhost:5984/testauth' -H 'Accept: text/html,*/*;q=0.0'
    HTTP/1.1 302 Moved Temporarily
    Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
    Location: http://localhost:5984/cerbero/_design/cerbero/login.html?return=%2Ftestauth&reason=You%20are%20not%20authorized%20to%20access%20this%20db.
    Date: Fri, 17 Jun 2011 11:57:41 GMT
    Content-Type: text/plain;charset=utf-8
    Content-Length: 78
    Cache-Control: must-revalidate

    {"error":"unauthorized","reason":"You are not authorized to access this db."}

    $ curl -D- 'http://localhost:5984/testauth' -H 'Accept: text/html,*/*;q=0.1'
    HTTP/1.1 401 Unauthorized
    Server: CouchDB/1.1.0 (Erlang OTP/R14B03)
    Date: Fri, 17 Jun 2011 11:57:55 GMT
    Content-Type: text/plain;charset=utf-8
    Content-Length: 78
    Cache-Control: must-revalidate

    {"error":"unauthorized","reason":"You are not authorized to access this db."}

This last one should give you the same "302 Moved Temporarily" response as the previous one, because we accept "text/html". The problem is that Firefox uses a similar Accept header, so it gets a 401 Unauthorized error instead of being redirected to the login page.

I think the problem was introduced by this commit:
https://github.com/apache/couchdb/commit/0264c51de7f281bc3b01d51e43831da2bcc741df

Is this a bug, or is it intended behaviour?

Thanks,
Marcello
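
An added example, not part of the original message and not CouchDB's code: the three Accept headers from the session above ranked by RFC 7231 quality values. The offered pair (application/json first, text/html second) and the function names are assumptions made for illustration.

```python
# Added example: RFC 7231 Accept negotiation; this is not CouchDB's implementation.

def parse_accept(header):
    """Return (type, subtype, q) media ranges parsed from an Accept header."""
    ranges = []
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        if "/" not in fields[0]:
            continue  # skip empty or malformed media ranges
        mtype, subtype = fields[0].lower().split("/", 1)
        q = 1.0  # RFC 7231: a missing q parameter means q=1
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = max(0.0, min(1.0, float(value)))
                except ValueError:
                    q = 0.0  # assumption: a malformed weight means "not acceptable"
        ranges.append((mtype, subtype, q))
    return ranges


def quality(media_type, ranges):
    """q-value for media_type; the most specific matching range wins."""
    mtype, subtype = media_type.lower().split("/", 1)
    best_specificity, best_q = -1, 0.0
    for rtype, rsub, q in ranges:
        if (rtype, rsub) == (mtype, subtype):
            specificity = 2
        elif rtype == mtype and rsub == "*":
            specificity = 1
        elif (rtype, rsub) == ("*", "*"):
            specificity = 0
        else:
            continue
        if specificity > best_specificity:
            best_specificity, best_q = specificity, q
    return best_q


def preferred(header, offered=("application/json", "text/html")):
    """Type to send; ties go to the first offered type (assumed server order)."""
    ranges = parse_accept(header)
    q, _, best = max((quality(t, ranges), -i, t) for i, t in enumerate(offered))
    return best if q > 0 else None


if __name__ == "__main__":
    # "*/*" is what curl sends when no -H 'Accept: ...' is given.
    for hdr in ("*/*", "text/html,*/*;q=0.0", "text/html,*/*;q=0.1"):
        print(f"{hdr!r:28} -> {preferred(hdr)}")
```

Under these semantics text/html is the top-ranked type for both the q=0.0 and the q=0.1 header; only curl's default `*/*` leaves JSON as the server's first choice.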
