On Fri, Nov 11, 2011 at 7:46 AM, Jens Alfke <[email protected]> wrote: > CouchDB’s _session endpoint is violating the HTTP 1.1 spec in the way it > responds when not given a valid username/password. > > Here’s what RFC 2616 says: >> 10.4.2 401 Unauthorized >> The request requires user authentication. The response MUST include a >> WWW-Authenticate header field (section 14.47) containing a challenge >> applicable to the requested resource.
Interesting. What is the link to the JIRA ticket you created about this? :p You can work around this in the meantime by setting whatever header value you want in /_config/httpd/WWW-Authenticate. It will appear in your 401s. -- Iris Couch
