-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Returning 401 status without WWW-Authenticate header #851
Comments
ResolutionSimpleA simple option would be to include More complexThe 3 different central-backend/lib/util/problem.js Lines 114 to 119 in d8181ac
|
Where do you see it used for authorization? I see one instance here:
I don't quite remember what's going on here. I think Collect (or maybe Enketo?) displays an informative error message for a 401 but not a 403. @lognaturel would know more! It looks like this was introduced in 7b13eb7.
Just my two cents, I vote for a 400!
I don't think so, because web users and public links can also access the OpenRosa Side note: I'm a little confused about why the endpoint is checking |
Both only prompt for auth if they get a 401. That's from the OpenRosa spec. |
Interesting! Per that link:
So maybe
This sounds like it refers to the case that @matthew-white quotes above:
Should this read that the server either returns 401 or "redirect[s] and negotiate[s] TLS channel security (https)"? I'm not sure it can do both in one response. |
I just noticed that the API docs about Basic auth say something about
Specifying |
Backend is returning HTTP status 401 in a few places, and I can't see any inclusion of a
WWW-Authenticate
header.The text was updated successfully, but these errors were encountered: