client-heavy interface to yesod-auth #479
Comments
|
I can see two approaches here:
But we need to maintain the 303 for server-side apps. |
|
I think we need different JSON responses for most of the yesod-auth handlers. Creating separate handlers means documenting which handler subset should be used. For this handler a 401 along with a json body giving the redirect url is probably best. Of course, the client can also know the redirect url ahead of time. |
|
Other improvements besides the first mentioned need to be made. https://groups.google.com/forum/?fromgroups=#!topic/yesodweb/qBd95eDucsU |
|
Different browsers seem to have different Accept-headers for XMLHTTPRequest. Are there any drawbacks for submitting an additional form-parameter, e.g. "ajax=1" along with the username and password? The client side (at least in my case) does not need anything special - just one definitive bit of information whether the login succeeded or not. |
|
Are there any browsers which don't support setting |
|
Ah, yes, I guess setting it manually should work. It sounds good to me. |
|
I've implemented this on the yesod1.2 branch. I'll leave this issue open until that branch is merged to master in case someone wants to implement a yesod 1.1 fix as well. |
|
Thanks for implementing. This isn't actually working for me right now though, I am trying to track it down. |
|
this looks like the issue: https://github.com/yesodweb/yesod/blob/yesod1.2/yesod-core/Yesod/Core/Class/Yesod.hs#L297 A simple fix is not presenting itself to me since the return type is (). There seems to be duplication with yesod-auth, but the core is trying to avoid the yesod-auth dependency. |
|
figured out a pull request for the issue |
When not authenticated, making a request that requires authentication receives a 303 redirect. 401 makes more sense for a client-heavy app.
The text was updated successfully, but these errors were encountered: