[ https://issues.apache.org/jira/browse/COUCHDB-1175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153301#comment-13153301 ]
Ari Najarian commented on COUCHDB-1175: --------------------------------------- Hi folks, I was shocked, and quite happy, to discover a thread that discusses the obscure issue I'm having. This alone prompted me to sign up to the forum so I could upvote this issue and watch it. Like Marcello and Johannes, I'm trying to work on a secure couchapp, and am coming up against the same problem. If I restrict access to particular database to authenticated readers only, then when anyone navigates to the design document, they get a JSON response instead of a redirect. Jason mentioned that the problem was insufficiently defined to move forward. As I see it, the problem is quite simple : right now, one can either create a couchapp that sits upon a database that anonymous users can access, OR they can create a secure document repository that only non-browser clients can interact with. However, there is no way to create a couchapp that interacts with a secure database, as there's no way to authenticate the user if they hit up the application. I don't want anonymous users to be able to access the information in my database through REST. I don't know a damned thing about HTTP headers, responses or content-types. I'm hoping this is an easy fix that will be pushed out to the internet soon. From the pros in this forum, any idea how long I may have to wait to see this bug resolved? > Improve content type negotiation for couchdb JSON responses > ----------------------------------------------------------- > > Key: COUCHDB-1175 > URL: https://issues.apache.org/jira/browse/COUCHDB-1175 > Project: CouchDB > Issue Type: Improvement > Affects Versions: 1.0.2 > Reporter: Robert Newson > Priority: Blocker > Fix For: 1.2 > > > Currently we ignore qvalues when negotiation between 'application/json' and > 'text/plain' when returning JSON responses. > Specifically, we test directly for 'application/json' or 'text/plain' in the > Accept header. Different branches have different bugs, though. Trunk returns > 'application/json' if 'application/json' is present at all, even if it's less > preferred than 'text/plain' when qvalues are accounted for. > We should follow the standard. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira