On Thu, Jun 23, 2011 at 11:01, Jens Alfke <[email protected]> wrote: > > On Jun 23, 2011, at 8:26 AM, Martin Hewitt wrote: > > 7. Attempt a PUT of a design doc: > > curl -i -X PUT -d > "{\"one\":\"two\"}" http://testuser:[email protected]:5984/testuser_database/_design/test/ > > 8. I get an error response: > HTTP/1.1 302 Moved Temporarily > Server: CouchDB/1.2.0a1075588 (Erlang OTP/R14B) > Location: http://127.0.0.1:5984/_utils/session.html?return=%2Fmartin_test%2F_design%2Ftest&reason=Name%20or%20password%20is%20incorrect. > > Slightly off-topic to the original question … but this seems like an > inappropriate server response from an HTTP and API standpoint. > 1. The client is sending credentials using HTTP auth (basic or digest). If > the credentials are invalid the correct response is a 401 Unauthorized, not > a redirect.
The reasoning was that this response makes Futon much more friendly rather than relying on the browser's login dialogues. With "Accept: application/json" I think CouchDB does respond with a 401. > 2. The URL being redirected to is part of the Futon admin UI. This might be > appropriate for an end-user interacting through a browser, but not for an > app. An app can use the content-type negotiation to receive the 401 and do its own behavior (redirect, show dialog, etc). Since JSON is the only official interface to CouchDB it's debatable that CouchDB should be doing anything other than a 400 for this request ;). > 3. The _utils directory isn’t present in all CouchDB installations; e.g. > mobile installs, so this redirect might go to a missing page. I think you still have a valid point. If Futon were making every request with XMLHTTPRequest it could handle a 401 in its own beautiful way without CouchDB's coddling. Perhaps this problem can go away with Futon2 which uses Sammyjs? Hopefully, others on the list know more about this issue than I do and will correct me if I'm wrong.
