client-heavy interface to yesod-auth #479
I can see two approaches here:
But we need to maintain the 303 for server-side apps.
I think we need different JSON responses for most of the yesod-auth handlers. Creating separate handlers means documenting which handler subset should be used. For this handler a 401 along with a JSON body giving the redirect URL is probably best. Of course, the client can also know the redirect URL ahead of time.
Other improvements besides the first mentioned need to be made. https://groups.google.com/forum/?fromgroups=#!topic/yesodweb/qBd95eDucsU
Different browsers seem to have different Accept headers for XMLHttpRequest. Are there any drawbacks for submitting an additional form parameter, e.g. "ajax=1", along with the username and password? The client side (at least in my case) does not need anything special - just one definitive bit of information whether the login succeeded or not.
Are there any browsers which don't support setting
Ah, yes, I guess setting it manually should work. It sounds good to me.
I've implemented this on the yesod1.2 branch. I'll leave this issue open until that branch is merged to master in case someone wants to implement a yesod 1.1 fix as well.
Thanks for implementing. This isn't actually working for me right now though; I am trying to track it down.
This looks like the issue: https://github.com/yesodweb/yesod/blob/yesod1.2/yesod-core/Yesod/Core/Class/Yesod.hs#L297 A simple fix is not presenting itself to me since the return type is (). There seems to be duplication with yesod-auth, but the core is trying to avoid the yesod-auth dependency.
Figured out a pull request for the issue.
When not authenticated, making a request that requires authentication receives a 303 redirect. 401 makes more sense for a client-heavy app.
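The behaviour requested in this issue, sketched as an added example (not code from this thread or from yesod-auth): a request that explicitly prefers JSON in its Accept header gets a 401 with a JSON body carrying the login URL, and every other request keeps the 303. The function names, the `redirect_url` and `message` fields, and the sample headers are constructed for illustration.

```javascript
// Added example; all names and JSON field names here are hypothetical.
// Parse an Accept header into { type, q } entries with q > 0.
function parseAccept(header) {
  return String(header || "")
    .split(",")
    .map((part) => {
      const [type, ...params] = part.trim().split(";").map((s) => s.trim());
      const qParam = params.find((p) => p.toLowerCase().startsWith("q="));
      const q = qParam ? parseFloat(qParam.slice(2)) : 1;
      return { type: type.toLowerCase(), q: Number.isNaN(q) ? 0 : q };
    })
    .filter((e) => e.type && e.q > 0);
}

// True only when application/json is named and ranked above HTML.
// A bare "*/*" (a common XMLHttpRequest default) is NOT treated as JSON,
// so clients must set the Accept header themselves to opt in.
function wantsJson(header) {
  const entries = parseAccept(header);
  const qOf = (types) =>
    Math.max(0, ...entries.filter((e) => types.includes(e.type)).map((e) => e.q));
  const jsonQ = qOf(["application/json"]);
  const htmlQ = qOf(["text/html", "application/xhtml+xml"]);
  return jsonQ > 0 && jsonQ > htmlQ;
}

// Decide the response for an unauthenticated request to a protected route.
function unauthenticatedResponse(acceptHeader, loginUrl) {
  if (wantsJson(acceptHeader)) {
    return {
      status: 401,
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ message: "Not logged in", redirect_url: loginUrl }),
    };
  }
  // Server-rendered apps keep the existing redirect behaviour.
  return { status: 303, headers: { Location: loginUrl }, body: "" };
}

// Constructed sample headers: a browser navigation and a client that opts in.
const browserNav = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
const apiClient = "application/json, text/javascript, */*; q=0.01";
console.log(unauthenticatedResponse(browserNav, "/auth/login").status);
console.log(unauthenticatedResponse(apiClient, "/auth/login").status);
```
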