From 34f6ea1d041fef0466988fd855f79659dc6ee2fe Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Mon, 10 Nov 2014 12:17:39 +0100 Subject: [PATCH] Present WWW-Authenticate on failure to authenticate --- lib/apiauthaction.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/apiauthaction.php b/lib/apiauthaction.php index 0a1e0b8e24..40161b7ab5 100644 --- a/lib/apiauthaction.php +++ b/lib/apiauthaction.php @@ -317,11 +317,14 @@ class ApiAuthAction extends ApiAction $this->auth_user_nickname ); $this->logAuthFailure($msg); + + // We must present WWW-Authenticate in accordance to HTTP status code 401 + header('WWW-Authenticate: Basic realm="' . $realm . '"'); // TRANS: Client error thrown when authentication fails. $this->clientError(_('Could not authenticate you.'), 401); } } else { - // all get rw access for actions that don't need auth + // all get rw access for actions that don't require auth $this->access = self::READ_WRITE; } }