[prev in list] [next in list] [prev in thread] [next in thread]
List: keycloak-dev
Subject: [keycloak-dev] Release status
From: bburke () redhat ! com (Bill Burke)
Date: 2015-07-21 18:03:13
Message-ID: 55AE8961.3020102 () redhat ! com
[Download RAW message or body]
On 7/21/2015 1:06 PM, Stian Thorgersen wrote:
>
> >
> > > Other things:
> > > -------------
> > > * KEYCLOAK-1539 Accessing secured resource should not return 200 OK when
> > > not authenticated - adapters redirect to login page even for json/xml
> > > requests. That doesn't make any sense. We should only redirect to login
> > > page if Accept header is */*, text/* or text/html.
> >
> > We're not changing the adapters to change their response based on Accept
> > header. That is a horrible hack solution. See my recent comment on
> > this issue in jira.
>
> I don't understand why that's a hack solution? Returning a redirect to a html page \
> for something requesting a json document just isn't right.
REST clients often don't set the Accept header. A REST client might be
requesting text/* or text/html within their Accept header. I'm not sure
you can do this based on User Agent either. I think some client libs
set the User Agent to mozilla, not sure though.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic