On Tue, Aug 16, 2011 at 9:30 PM, Marcello Nuccio <marcello.nuc...@gmail.com> wrote: > Since sketch.png is available only as "image/png", Apache responds > with "image/png" even if "image/jpeg" is preferred according to the > Accept header. > >>> This is what I do if the user is authenticated, and I see no reason >>> for not doing it when the response is a 401. >> >> i don't follow. how it is related? > > > I ask to apply the same logic whatever the status code of the > response. If when the response is "200 OK" the content-type is > "text/html", then why not respond with the same content-type for a > "401 Unauthorized" response? > > Obviously the content will be different (an html login form for the 401).
Did you see my previous two emails? Quick summary: 1. That is not the standard. IMHO, if CouchDB should change, it should change toward the standard. 2. Regardless of #1, it is hard to implement. The example of a public image is not the question. The question is you request *something* but you do not have permission. How should Couch respond? To me, the answer is becoming very clear: obey the client Accept header. If the client explicitly asks for HTML, send a 302 bounce; otherwise send 401 JSON. If that breaks futon or some applications, we can fix those as-needed once and for all. -- Iris Couch
