From b5aa54ddcaab36838d48e13cd183934e4fc689ee Mon Sep 17 00:00:00 2001
From: MoritzWeber
Date: Wed, 11 Sep 2024 17:02:01 +0200
Subject: [PATCH] fix: Remove `WWW-Authenticate` header from responses
The HTTP specification recommends to send a `WWW-Authenticate` header with status code 401. We've used that to indicate which authentication methods are available for clients, in our case Basic and Cookie. While this works fine on Chrome, Safari starts prompting for basic authentication on its own. I haven't found a way to suppress, so we'll have to remove the `WWW-Authenticate` header to avoid this behaviour.
---
 backend/capellacollab/core/authentication/exceptions.py | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/backend/capellacollab/core/authentication/exceptions.py b/backend/capellacollab/core/authentication/exceptions.py
index d511c25e3..3daa73dff 100644
--- a/backend/capellacollab/core/authentication/exceptions.py
+++ b/backend/capellacollab/core/authentication/exceptions.py
@@ -56,7 +56,6 @@ def __init__(self, scheme: str):
 "Use 'basic' or 'bearer' instead"
 ),
 err_code="UNKNOWN_SCHEME",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )
@@ -67,7 +66,6 @@ def __init__(self):
 title="Token signature expired",
 reason="The Signature of the token is expired. Please refresh the token or request a new access token.",
 err_code="TOKEN_SIGNATURE_EXPIRED",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )
@@ -78,7 +76,6 @@ def __init__(self):
 title="Refresh token signature expired",
 reason="The Signature of the refresh token is expired. Please request a new access token.",
 err_code="REFRESH_TOKEN_EXPIRED",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )
@@ -109,7 +106,6 @@ def __init__(self):
 title="Unauthenticated",
 reason="Not authenticated",
 err_code="UNAUTHENTICATED",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )
@@ -120,7 +116,6 @@ def __init__(self):
 title="Personal access token not valid.",
 reason="The used token is not valid.",
 err_code="BASIC_TOKEN_INVALID",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )
@@ -154,5 +149,4 @@ def __init__(self):
 "Please request a new access token."
 ),
 err_code="PAT_EXPIRED",
- headers={"WWW-Authenticate": "Basic, Cookie"},
 )