fix: Remove WWW-Authenticate header from responses

The HTTP specification recommends to send a `WWW-Authenticate` header with status code 401. We've used that to indicate which authentication methods are available for clients, in our case Basic and Cookie. While this works fine on Chrome, Safari starts prompting for basic authentication on its own. I haven't found a way to suppress, so we'll have to remove the `WWW-Authenticate` header to avoid this behaviour.
DSD-DBS · Sep 11, 2024 · b5aa54d · b5aa54d
1 parent bc0ea05
commit b5aa54d
Showing 1 changed file with 0 additions and 6 deletions.
diff --git a/backend/capellacollab/core/authentication/exceptions.py b/backend/capellacollab/core/authentication/exceptions.py
@@ -56,7 +56,6 @@ def __init__(self, scheme: str):
                 "Use 'basic' or 'bearer' instead"
             ),
             err_code="UNKNOWN_SCHEME",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )
 
 
@@ -67,7 +66,6 @@ def __init__(self):
             title="Token signature expired",
             reason="The Signature of the token is expired. Please refresh the token or request a new access token.",
             err_code="TOKEN_SIGNATURE_EXPIRED",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )
 
 
@@ -78,7 +76,6 @@ def __init__(self):
             title="Refresh token signature expired",
             reason="The Signature of the refresh token is expired. Please request a new access token.",
             err_code="REFRESH_TOKEN_EXPIRED",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )
 
 
@@ -109,7 +106,6 @@ def __init__(self):
             title="Unauthenticated",
             reason="Not authenticated",
             err_code="UNAUTHENTICATED",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )
 
 
@@ -120,7 +116,6 @@ def __init__(self):
             title="Personal access token not valid.",
             reason="The used token is not valid.",
             err_code="BASIC_TOKEN_INVALID",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )
 
 
@@ -154,5 +149,4 @@ def __init__(self):
                 "Please request a new access token."
             ),
             err_code="PAT_EXPIRED",
-            headers={"WWW-Authenticate": "Basic, Cookie"},
         )