mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-01 09:52:23 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5992 from owncloud/basic-auth-header

Browse Source 
do not send www-authenticate basic for Api requests
This commit is contained in:
Michael Barz
2023-04-03 15:22:09 +02:00
committed by GitHub
parent a5bd5505aa df537ea98d
commit b2568972da
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
changelog/unreleased/www-authenticate-header.md Normal file
View File

@@ -0,0 +1,6 @@
Bugfix: Fix authenticate headers for API requests
We changed the www-authenticate header which should not be sent when the `XMLHttpRequest` header is set.
https://github.com/owncloud/ocis/pull/5992
https://github.com/owncloud/ocis/issues/5986

4
services/proxy/pkg/middleware/authentication.go
View File

@@ -147,7 +147,9 @@ func configureSupportedChallenges(options Options) {
func writeSupportedAuthenticateHeader(w http.ResponseWriter, r *http.Request) {
caser := cases.Title(language.Und)
for _, s := range SupportedAuthStrategies {
w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
if r.Header.Get("X-Requested-With") != "XMLHttpRequest" {
w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
}
}
}