Sure, and it's deliberately not helpful;

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5

"This status code is commonly used when the server does not wish to
reveal exactly why the request has been refused..."

Returning 401 vs 404 would reveal which user names exist.

B.

On 22 March 2013 13:20, svilen <[email protected]> wrote:
> that's fine. just the error isn't very helpful..
> and the browsers don't play nice.
> anyway
>
>> That's by design. In 1.2.0 you can only see your own user document.
>>
>> B.
>>
>> On 22 March 2013 13:03, svilen <[email protected]> wrote:
>> > g'day
>> > i am playing with the plain user:psw auth in url, and it gives funny
>> > results. at least to me.. (couchdb 1.2.0 in latest ubuntu)
>> >
>> > i register some user, say name=a/psw=b.
>> >
>> > with auth:
>> > $ curl GET http://a:b@/_users/org.couchdb.user:a
>> > is fine
>> >
>> > without auth:
>> > $ curl GET http://_users/org.couchdb.user:a
>> > returns 404 {"error":"not_found","reason":"missing"}
>> >
>> > now with auth, but in browsers:
>> >  - opera http://a:b@/_users/org.couchdb.user:a works
>> >  - firefox http://a:b@/_users/org.couchdb.user:a warns about
>> > "server not needing authentication".. and strips the usr/psw
>> > yielding 404
>> >  - iexplorer - 404 - strips unconditionally
>> >
>> > is this something that is expected to be so?
>> > maybe the error can be changed (to 401) ?
>> >
>> > i don't know that part about the "server not needing
>> > authentication" .. maybe something in the headers ? or some config
>> > of couch_httpd_auth ?
>> >
>> > ciao
>> > svilen
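
The point made in the reply at the top of this thread, as an added example that is not part of any message here and is not CouchDB code: a small model of a user-document read handler in two variants, with a check that reports which names an unauthenticated client could tell apart from a nonexistent one. The handler names, the sample user and the 401 body are constructed assumptions.

```python
# Added example: a constructed model, not CouchDB source code.
from typing import Callable, List, NamedTuple, Optional


class Response(NamedTuple):
    status: int
    body: str


PREFIX = "org.couchdb.user:"
USERS = {"a"}  # constructed sample: one registered user, as in the thread
MISSING = Response(404, '{"error":"not_found","reason":"missing"}')


def _name(doc_id: str) -> Optional[str]:
    return doc_id[len(PREFIX):] if doc_id.startswith(PREFIX) else None


def leaky_read(doc_id: str, requester: Optional[str]) -> Response:
    """Hypothetical variant: 401 when the document exists but is not yours."""
    name = _name(doc_id)
    if name not in USERS:
        return MISSING
    if requester != name:
        return Response(401, '{"error":"unauthorized"}')  # constructed body
    return Response(200, '{"_id":"%s"}' % doc_id)


def uniform_read(doc_id: str, requester: Optional[str]) -> Response:
    """Variant matching the thread: 'missing' and 'not yours' look identical."""
    name = _name(doc_id)
    if name not in USERS or requester != name:
        return MISSING
    return Response(200, '{"_id":"%s"}' % doc_id)


Handler = Callable[[str, Optional[str]], Response]


def distinguishable(handler: Handler, candidates: List[str]) -> List[str]:
    """Names whose anonymous response differs from a known-absent baseline."""
    baseline = handler(PREFIX + "no-such-user-baseline", None)
    return [n for n in candidates if handler(PREFIX + n, None) != baseline]


if __name__ == "__main__":
    for h in (leaky_read, uniform_read):
        print(h.__name__, distinguishable(h, ["a", "zz"]))
```

A check like `distinguishable` can serve as a regression test: an empty result means status code and body give an anonymous caller no signal about which names are registered.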
