-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization header missing when using HTTP Basic authentication #109
Comments
This may be a bug. Can you provide a snippet of code to reproduce? BTW it's generally unadvised to insert the username and password in the URL; CouchDB authentication works best with cookie-based authorization rather than HTTP Basic Authorization. |
Yeah. I coded this from console.. Look at the header when changePassword() is triggered, no authorization
|
Thanks, I can reproduce this bug. The problem is that we're getting a 404 due to the headers not being sent in. Same thing happens using |
BTW I'll note that the workaround for this issue is to use cookie-based authentication rather than regular HTTP authentication. Also if you tested from console, I assume you mean Node.js, which isn't officially supported by this library...? |
I don't have time to work on this right now, but anybody with the motivation and desire would just need to make sure that the ajax opts extend from the ajax opts applied to the original database, i.e. the username and password, and then add a test to capture this case. |
Took a crack at this, but it's annoying impossible to test because CouchDB doesn't have a programmatic way to enable and disable Admin Party. So to run the tests you'd need to permanently disable Admin party. |
this is also happening on getSession() call. authentication header is dropped. FYI. |
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Fixes pouchdb-community#109. When username and password are present in db url, generate Basic authentication token and put it in ajax request headers.
Your document says if calling
changePassword
function, only server admin and the user itself can use, otherwise 400.let say i have
when I call
pouchDB.allDocs()
I can seeAuthorization
headerBasic XXXXXX
but when calling
pouchDB.changePassword()
I don't see theAuthorization
header, thus server admin cannot update the password as well. Am i doing something wrong?The text was updated successfully, but these errors were encountered: