[ckan-dev] Should authentication be required to data search?

Alexandre Gomes alegomes at gmail.com
Sun May 27 15:52:41 UTC 2012 

I think this is related to other thread:
http://lists.okfn.org/pipermail/ckan-dev/2012-May/002245.html

Should authentication be required to perform readonly queries on datasets?

The AJAX call bellow fails:

$.ajax({url: "
http://thedatahub.org/en/api/data/075de5b0-19ba-45fb-bfaa-603a78c47d45/_search?pretty=true
",
dataType: 'json',
type: "POST",
data: JSON.stringify({"query":{"match_all":{}}}),
success: function(data) { console.log('Success')},
error: function(xhr, message, error) {console.log('Error')},
complete: function() {console.log('Completed')}
});


Firebug gives me:

*Request Headers*
Acceptapplication/json, text/javascript, */*; q=0.01Accept-Encodinggzip,
deflateAccept-Languageen-us,en;q=0.5Connectionkeep-aliveContent-Length26
Content-Typeapplication/x-www-form-urlencoded; charset=UTF-8Host
thedatahub.orgOriginnullUser-AgentMozilla/5.0 (Macintosh; Intel Mac OS X
10.7; rv:12.0) Gecko/20100101 Firefox/12.0


*Response Headers*
Access-Control-Allow-Head...X-CKAN-API-KEY, Content-Type, Authorization
Connectionkeep-aliveContent-EncodinggzipContent-Length20Content-Typetext/html;
charset=UTF-8DateSun, 27 May 2012 15:33:20 GMTLocation*
http://thedatahub.org/user/login*?came_from=
http://thedatahub.org/api/data/075de5b0-19ba-45fb-bfaa-603a78c47d45
/_search?pretty=trueServernginx/0.7.65VaryAccept-EncodingVia1.0 localhost
(squid/3.0.STABLE19)X-CacheMISS from localhostX-Cache-LookupMISS from
localhost:80



However, if I provide some API key, it works.

$.ajax({url: "
http://thedatahub.org/en/api/data/075de5b0-19ba-45fb-bfaa-603a78c47d45/_search?pretty=true
",
        headers: {"Authorization": "36849769-4a12-416c-a45c-XXXXXXX"},
dataType: 'json',
type: "POST",
data: JSON.stringify({"query":{"match_all":{}}}),
success: function(data) { console.log('Success')},
error: function(xhr, message, error) {console.log('Error')},
complete: function() {console.log('Completed')}
});

*Response Headers*

Access-Control-Allow-Orig...

*

Cache-Control

no-cache

Connection

keep-alive

Content-Length

12119

Content-Type

application/json; charset=UTF-8

Date

Sun, 27 May 2012 15:45:17 GMT

Server

nginx/0.7.65

Via

1.0 localhost (squid/3.0.STABLE19)

X-Cache

MISS from localhost

X-Cache-Lookup

MISS from localhost:80


[]s!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20120527/dc15856f/attachment.html>

More information about the ckan-dev mailing list