But, by default, CouchDB does not send the WWW-Authenticate header, and no one has asked to change this default.
Marcello 2011/8/16 Robert Newson <rnew...@apache.org>: > a 401 response MUST include a WWW-Authenticate header, this causes an > unstylable modal dialog box on all browsers (the HTML you want to send > will not matter). > > This is why we cannot do as you suggest. > > B. > > On 16 August 2011 17:45, Marcello Nuccio <marcello.nuc...@gmail.com> wrote: >> 2011/8/16 Jens Alfke <j...@couchbase.com>: >>> >>> On Aug 16, 2011, at 9:16 AM, Marcello Nuccio wrote: >>> >>>> Ignoring for an instant that this is hard to implement, as Jason says. >>>> What is the problem if I send an HTML response, if the requested >>>> resource is HTML? >>> >>> Because if the client requesting the HTML is not a user-facing web browser, >>> the 302 is the wrong response, because the client won’t know what to do >>> with the resulting login form (unless it does screen-scraping.) I’ve >>> already run into this in implementing my CouchCocoa framework. >> >> >> I am not saying to respond with 302. I am saying: >> >> - ALWAYS respond with 401 >> - IF the Accept header says "text/html" is a valid response AND the >> requested resource is of type "text/html", THEN send HTML in the body >> of the response, ELSE send JSON. >> >> Never send 302 instead of 401. >> Never send HTML if not "accepted" by the client and it is the type of >> the requested resource. >> >> Why is this not standard compliant? >> >> Marcello >> >
