hmm shouldnt then /_session behave same? it returns 401 On Fri, 22 Mar 2013 13:24:28 +0000 Robert Newson <[email protected]> wrote:
> Sure, and it's deliberately not helpful; > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5 > > "This status code is commonly used when the server does not wish to > reveal exactly why the request has been refused..." > > Returning 401 vs 404 would reveal which user names exist. > > B. > > On 22 March 2013 13:20, svilen <[email protected]> wrote: > > that's fine. just the error isn't very helpful.. > > and the browsers don't play nice. > > anyway > > > >> That's by design. In 1.2.0 you can only see your own user document. > >> > >> B. > >> > >> On 22 March 2013 13:03, svilen <[email protected]> wrote: > >> > g'day > >> > i am playing with the plain user:psw auth in url, and it gives > >> > funny results. at least to me.. (couchdb 1.2.0 in latest ubuntu) > >> > > >> > i register some user, say name=a/psw=b. > >> > > >> > with auth: > >> > $ curl GET http://a:b@/_users/org.couchdb.user:a > >> > is fine > >> > > >> > without auth: > >> > $ curl GET http://_users/org.couchdb.user:a > >> > returns 404 {"error":"not_found","reason":"missing"} > >> > > >> > now with auth, but in browsers: > >> > - opera http://a:b@/_users/org.couchdb.user:a works > >> > - firefox http://a:b@/_users/org.couchdb.user:a warns about > >> > "server not needing authentication".. and strips the usr/psw > >> > yielding 404 > >> > - iexplorer - 404 - strips unconditionaly > >> > > >> > is this something that is expected to be so? > >> > maybe the error can be changed (to 401) ? > >> > > >> > i don't know that part about the "server not needing > >> > authentication" .. maybe something in the headers ? or some > >> > config of couch_httpd_auth ? > >> > > >> > ciao > >> > svilen
