[Pkg-erlang-devel] couchdb missing WWW-Authentication HTTP header

David Paleino dapal at debian.org
Thu Oct 14 10:32:33 UTC 2010 

reassign 600169 couchdb
retitle 600169 couchdb missing WWW-Authentication HTTP header
thanks

Seems like a couchdb bug.

Full-quoting for couchdb's maintainers usage:

On Thu, 14 Oct 2010 04:33:23 -0400, Jason Woofenden wrote:

> First, note that CouchDB seems to only support the "Basic" HTTP
> authentication method:
> 
> $
> FUTON_URL="http://username:password@localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/"
> $ curl --digest "$FUTON_URL" {"error":"unauthorized","reason":"Authentication
> required."} $ curl --ntlm "$FUTON_URL"
> {"error":"unauthorized","reason":"Authentication required."}
> $ curl --negotiate "$FUTON_URL"
> {"error":"unauthorized","reason":"Authentication required."}
> $ curl --basic "$FUTON_URL"
> <!DOCTYPE html>
> [...]
> 
> Then see that there's no WWW-Authenticate header telling which authentication
> method to use:
> 
> $ wget -S
> "http://localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/" -O -
> --2010-10-14 04:01:37--  http://localhost:42837/util/ Resolving
> localhost... ::1, 127.0.0.1 Connecting to localhost|::1|:42837... failed:
> Connection refused. Connecting to localhost|127.0.0.1|:42837... connected.
> HTTP request sent, awaiting response... 
>   HTTP/1.0 401 Unauthorized
>   Server: CouchDB/0.11.0 (Erlang OTP/R14B)
>   Date: Thu, 14 Oct 2010 08:01:37 GMT
>   Content-Type: text/plain;charset=utf-8
>   Content-Length: 61
>   Connection: Keep-Alive
>   Cache-Control: must-revalidate
> Authorization failed.
> zsh: exit 6     wget -S
> "http://localhost:`/usr/lib/desktopcouch/desktopcouch-get-port`/util/
> 
> 
> Here's what it looks like in a few clients:
> 
> Chromium: warning message about possible trickery, then "unauthorized"
> 
> IceWeasel: warning message about no authorization requested by server, then
> "unauthorized"
> 
> curl: fails unless you pass --basic
> 
> wget: fails unless you pass --auth-no-challenge
> 
> Midory: fails because it only tries ipv6. But if you use 127.0.0.1 instead of
> localhost, it says "unauthorized".
> 
> 
> I'm pretty sure all it would take to fix this is to get desktopcouch to send
> the WWW-Authentication: Basic [...] header
> 
> 
> Thank you all,   - Jason

-- 
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-erlang-devel/attachments/20101014/ab4da929/attachment.pgp>

More information about the Pkg-erlang-devel mailing list