This deviation is deliberate. The reason we don't send it by default is that the popup dialog cannot be controlled or styled, and the browser's rendering is considered unacceptable.
There's a setting, described in the stock local.ini, that adds it; ; Uncomment next line to trigger basic-auth popup on unauthorized requests. ;WWW-Authenticate = Basic realm="administrator" B. On 11 November 2011 01:10, Jason Smith <[email protected]> wrote: > On Fri, Nov 11, 2011 at 7:46 AM, Jens Alfke <[email protected]> wrote: >> CouchDB’s _session endpoint is violating the HTTP 1.1 spec in the way it >> responds when not given a valid username/password. >> >> Here’s what RFC 2616 says: >>> 10.4.2 401 Unauthorized >>> The request requires user authentication. The response MUST include a >>> WWW-Authenticate header field (section 14.47) containing a challenge >>> applicable to the requested resource. > > Interesting. What is the link to the JIRA ticket you created about this? :p > > You can work around this in the meantime by setting whatever header > value you want in /_config/httpd/WWW-Authenticate. It will appear in > your 401s. > > -- > Iris Couch >
