Opened 17 years ago

Closed 17 years ago

Last modified 11 years ago

#6349 closed Uncategorized (wontfix)

HttpResponseUnauthorized is missing

Reported by: moep Owned by: winsley@…
Component: HTTP handling Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The attached patch adds an HttpResponseUnauthorized response (Http 401) just like HttpResponseNotFound. This status code indicates that authentication is possible but has failed or has not yet been provided.

Perhaps we should add the other codes as well?

Attachments (1)

HttpResponseUnauthorized.patch (929 bytes ) - added by moep 17 years ago.

Download all attachments as: .zip

Change History (9)

comment:1 by jdetaeye@…, 17 years ago

Needs documentation: set

The documentation page doc/request_response.txt will need updating too...

by moep, 17 years ago

comment:2 by moep, 17 years ago

Needs documentation: unset

Updated patch to include Documentation.

comment:3 by Chris Beaven, 17 years ago

Triage Stage: UnreviewedDesign decision needed

I kind of remember a discussion about this a long while back with a negative outcome but I can't find it. I'll pass through a design decision.

When would you want this anyway - won't this open a basic http auth login window in most browsers?

comment:4 by moep, 17 years ago

No most browser don't handle this status code and just display the html if any.

While working on this part of my project (404, 403 handling ... ) i also noticed that you can only raise an 404 but not an 403 error code ...
I would prefer if you could just raise every any code which would allow you to implement something like get_object_or_403 as well.

Perhaps one should rethink the whole issue and handle every status code the same way, without having an exception for 404.

in reply to:  4 comment:5 by arien, 17 years ago

Replying to moep:

No most browser don't handle this status code and just display the html if any.

All browsers I know of handle this status code by prompting for credentials. The Django trac login page for example will return a 401 Authorization Required response:

$ curl -I http://code.djangoproject.com/login
HTTP/1.0 401 Authorization Required
Date: Tue, 22 Jan 2008 00:10:42 GMT
Server: Apache
WWW-Authenticate: Basic realm="Django project trac installation"
Connection: close
Content-Type: text/html; charset=iso-8859-1

Which browser doesn't prompt for credentials when navigating to that page?

(In this particular case any valid session cookie would log you in automatically instead of returning the 401 status, so make sure to delete those before trying.)

comment:6 by Malcolm Tredinnick, 17 years ago

Resolution: wontfix
Status: newclosed

Two problems here: firstly, we aren't going to add extra classes for every possible HTTP status code. At some point we realised it just wasn't productive, since the only real difference is the status. Consequently, you can pass the status code into the HttpResponse initializer. Secondly, 404 and 500 are treated specially as exceptions. But, again, it's not worth adding all error codes as exceptions. They are just normal responses. More descriptive errors (such as PermissionDenied) should be raised if people are meant to handle them. That's more generally useful than an exception tied to an HTTP status code (since the exception might not ultimately be handled by returning that status code).

comment:7 by anonymous, 11 years ago

Easy pickings: unset
Severity: Normal
Type: Uncategorized
UI/UX: unset

lol.

I'd be super embarrassed if i was the asshole who decided to set this to 'wontfix'.

I can't believe this still doesn't exist.

comment:8 by Aymeric Augustin, 11 years ago

The man who set this to wontfix is without doubt the most respected person in the Django community.

Read https://www.djangoproject.com/weblog/2013/mar/19/goodbye-malcolm/ if you'd like to know why.

I would be very embarrassed if I got caught pissing on someone's grave like you just did.

Note: See TracTickets for help on using tickets.
Back to Top