From 1a4a80993f5e18a3bea485246757148daef5f476 Mon Sep 17 00:00:00 2001 From: John Christopher Anderson Date: Sun, 25 Jul 2010 18:16:54 +0000 Subject: send a basic-auth popup header if require_valid_user=true, to prevent lock-out git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/1.0.x@979083 13f79535-47bb-0310-9956-ffa450edef68 --- etc/couchdb/local.ini | 4 +++- src/couchdb/couch_httpd.erl | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/etc/couchdb/local.ini b/etc/couchdb/local.ini index 7aa049a0..f20b197a 100644 --- a/etc/couchdb/local.ini +++ b/etc/couchdb/local.ini @@ -14,7 +14,9 @@ ;WWW-Authenticate = Basic realm="administrator" [couch_httpd_auth] -; if you set this to true, you should also uncomment the WWW-Authenticate line above +; If you set this to true, you should also uncomment the WWW-Authenticate line +; above. If you don't configure a WWW-Authenticate header, CouchDB will send +; Basic realm="server" in order to prevent you getting logged out. ; require_valid_user = false [log] diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index faf14bcc..b531d3d6 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -750,7 +750,8 @@ error_headers(#httpd{mochi_req=MochiReq}=Req, Code, ErrorStr, ReasonStr) -> AuthRedirect -> case couch_config:get("couch_httpd_auth", "require_valid_user", "false") of "true" -> - {Code, []}; + % send the browser popup header no matter what if we are require_valid_user + {Code, [{"WWW-Authenticate", "Basic realm=\"server\""}]}; _False -> % if the accept header matches html, then do the redirect. else proceed as usual. case re:run(MochiReq:get_header_value("Accept"), "html", [{capture, none}]) of -- cgit v1.2.3