mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-18 11:28:48 -06:00
Code Issues Packages Projects Releases Wiki Activity

do not send www-authenticate basic for Api requests

Browse Source
This commit is contained in:
Michael Barz
2023-04-03 10:34:07 +02:00
parent 16f8c49de9
commit df537ea98d
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
changelog/unreleased/www-authenticate-header.md Normal file
View File

@@ -0,0 +1,6 @@
Bugfix: Fix authenticate headers for API requests
We changed the www-authenticate header which should not be sent when the `XMLHttpRequest` header is set.
https://github.com/owncloud/ocis/pull/5992
https://github.com/owncloud/ocis/issues/5986

4
services/proxy/pkg/middleware/authentication.go
View File

@@ -147,7 +147,9 @@ func configureSupportedChallenges(options Options) {
func writeSupportedAuthenticateHeader(w http.ResponseWriter, r *http.Request) {
caser := cases.Title(language.Und)
for _, s := range SupportedAuthStrategies {
w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
if r.Header.Get("X-Requested-With") != "XMLHttpRequest" {
w.Header().Add(WwwAuthenticate, fmt.Sprintf("%v realm=\"%s\", charset=\"UTF-8\"", caser.String(s), r.Host))
}
}
}