Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Remove WWW-Authenticate header from responses #1790

Merged
merged 1 commit into from
Sep 11, 2024

Conversation

MoritzWeber0
Copy link
Member

@MoritzWeber0 MoritzWeber0 commented Sep 11, 2024

The HTTP specification recommends to send a WWW-Authenticate header with status code 401 for unauthenticated cases. See also the Mozilla documentation page: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401.
We've used that to indicate which authentication methods are available for clients, in our case Basic and Cookie.

While this works fine for Chrome, Safari starts prompting for basic authentication on its own. I haven't found a way to suppress this, so we'll have to remove the WWW-Authenticate header to avoid this behaviour.

Resolves #1788

The HTTP specification recommends to send a `WWW-Authenticate` header with
status code 401. We've used that to indicate which authentication methods
are available for clients, in our case Basic and Cookie.

While this works fine on Chrome, Safari starts prompting for basic authentication
on its own. I haven't found a way to suppress, so we'll have to remove the
`WWW-Authenticate` header to avoid this behaviour.
Copy link

codecov bot commented Sep 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.06%. Comparing base (bc0ea05) to head (b5aa54d).
Report is 359 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1790   +/-   ##
=======================================
  Coverage   84.06%   84.06%           
=======================================
  Files         186      186           
  Lines        6144     6144           
  Branches      676      676           
=======================================
  Hits         5165     5165           
  Misses        831      831           
  Partials      148      148           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link

sonarcloud bot commented Sep 11, 2024

@MoritzWeber0 MoritzWeber0 merged commit f43efb9 into main Sep 11, 2024
29 checks passed
@MoritzWeber0 MoritzWeber0 deleted the safari-authentication-popup branch September 11, 2024 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Authentication promts on Safari
1 participant