List:       keycloak-dev
Subject:    [keycloak-dev] Release status
From:       bburke () redhat ! com (Bill Burke)
Date:       2015-07-21 18:03:13
Message-ID: 55AE8961.3020102 () redhat ! com



On 7/21/2015 1:06 PM, Stian Thorgersen wrote:
> 
> > 
> > > Other things:
> > > -------------
> > > * KEYCLOAK-1539	Accessing secured resource should not return 200 OK when
> > > not authenticated - adapters redirect to login page even for json/xml
> > > requests. That doesn't make any sense. We should only redirect to login
> > > page if Accept header is */*, text/* or text/html.
> > 
> > We're not changing the adapters to change their response based on Accept
> > header.  That is a horrible hack solution.  See my recent comment on
> > this issue in jira.
> 
> I don't understand why that's a hack solution? Returning a redirect to a html
> page for something requesting a json document just isn't right.

REST clients often don't set the Accept header.  A REST client might be 
requesting text/* or text/html within their Accept header.  I'm not sure 
you can do this based on User Agent either.  I think some client libs 
set the User Agent to mozilla, not sure though.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
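
An added example, not part of the original message or of Keycloak's adapter code: the Accept-header rule quoted in the thread (redirect only for */*, text/* or text/html, otherwise 401) applied to constructed request headers, to show which clients it would send to the login page. The function names, the sample headers and the treatment of a missing Accept header as */* are assumptions of this example.

```python
# Added example: the rule quoted in the thread, applied to constructed requests.
BROWSER_RANGES = {"*/*", "text/*", "text/html"}

def parse_accept(header):
    """Return the acceptable media ranges (q > 0) of an Accept header value."""
    if header is None:
        # Assumption of this example: no Accept header means "any media type"
        # (RFC 7231, section 5.3.2), so it is treated like */*.
        return ["*/*"]
    ranges = []
    for part in header.split(","):
        fields = [f.strip() for f in part.split(";")]
        media, q = fields[0].lower(), 1.0
        for field in fields[1:]:
            name, _, value = field.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat the range as unacceptable
        if media and q > 0:
            ranges.append(media)
    return ranges

def status_for_unauthenticated(accept):
    """302 (login redirect) if any acceptable range is browser-like, else 401."""
    if any(m in BROWSER_RANGES for m in parse_accept(accept)):
        return 302
    return 401

# Constructed sample requests: (label, client kind, Accept header value).
SAMPLES = [
    ("browser navigation", "browser",
     "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
    ("API client, explicit JSON", "api", "application/json"),
    ("API client, JSON but not HTML", "api", "application/json, text/html;q=0"),
    ("API client, library default */*", "api", "*/*"),
    ("API client, no Accept header", "api", None),
    ("API client asking for text/*", "api", "text/*"),
]

def misrouted(samples=SAMPLES):
    """Labels of clients that get the wrong response for their kind."""
    wanted = {"browser": 302, "api": 401}
    return [label for label, kind, accept in samples
            if status_for_unauthenticated(accept) != wanted[kind]]

if __name__ == "__main__":
    for label in misrouted():
        print("misrouted:", label)
```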

