damn. Some typos. Here is better text

 Hi all,

I'm experiencing a problem with the current method used when
authentication fails. If you pass authentication headers you are
redirected to an HTML page asking for credentials. So technically we
do:

 401 -> 302 -> 200

Which is wrong if we follow the spec: "The response MUST include a
WWW-Authenticate header field [..]" [1]. It also introduces some bugs;
try, for example, to create a database when not logged in.

The reason we use a 302 actually is for CouchApps. I think we should
change that behavior:

1. Provide appropriate HTTP response by default
2. Use the tricks of cookie auth (specific header) to let the
CouchApps access CouchDB. Something like an "X-Auth-..." header in the
request that notifies us we need to send a response that will not
raise the dialog box in browsers.

Thoughts ?

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2

 - benoît
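
The response handling discussed in the message above, sketched as an added example that is not part of the original post or of CouchDB's code: it contrasts the 302 redirect with a 401 that carries a challenge, and checks each response against the quoted requirement. The opt-in header name, the login path and the `Cookie` challenge scheme are hypothetical, and the example assumes browsers only open the credentials dialog for schemes they implement, such as Basic.

```python
# Added illustration; header, path and scheme names below are hypothetical.
OPT_IN_HEADER = "X-Example-Auth-Hint"  # stand-in for the "X-Auth-..." idea in the post
LOGIN_PAGE = "/_login.html"            # hypothetical login page path


def current_behaviour(request_headers):
    """Behaviour the post describes: failed auth is redirected to an HTML page."""
    return 302, {"Location": LOGIN_PAGE}


def proposed_behaviour(request_headers):
    """Proposal: always answer 401 with a challenge; the opt-in header picks the scheme."""
    names = {k.lower() for k in request_headers}
    if OPT_IN_HEADER.lower() in names:
        # Assumption: a non-Basic scheme keeps the browser from opening its dialog.
        challenge = 'Cookie realm="example"'
    else:
        challenge = 'Basic realm="example"'
    return 401, {"WWW-Authenticate": challenge}


def check_auth_failure(status, response_headers):
    """Return the problems found in a response to an unauthenticated request."""
    names = {k.lower() for k in response_headers}
    problems = []
    if status != 401:
        problems.append(f"status {status} instead of 401")
    if status == 401 and "www-authenticate" not in names:
        problems.append("401 without WWW-Authenticate")
    return problems


if __name__ == "__main__":
    handlers = (("current", current_behaviour), ("proposed", proposed_behaviour))
    for label, handler in handlers:
        for req in ({}, {OPT_IN_HEADER: "1"}):  # constructed sample requests
            status, headers = handler(req)
            print(label, req, status, headers, check_auth_failure(status, headers))
```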
