Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple WWW-Authenticate headers in 401 responses #7328

Closed
hodossy opened this issue May 13, 2020 · 0 comments · May be fixed by #9242
Closed

Multiple WWW-Authenticate headers in 401 responses #7328

hodossy opened this issue May 13, 2020 · 0 comments · May be fixed by #9242

Comments

@hodossy
Copy link

hodossy commented May 13, 2020

According to MDN and RFC 7235 multiple authentication challanges can be specified by a response.

The current implementation relies on the order of the DEFAULT_AUTHENTICATION_CLASSES settings. Usually the more secure authentication schemes ('Bearer' or 'Token') are placed on top of that list, but those are not handled by the browsers. This means that potentially browser support for authentication is not available in the Browsable API.

My proposal would be to simply add all headers provided by the authentication classes, so even if Basic authentication is not prefered, it still can be used to authenticate in browsers.

What is your view on this? Shall I submit a PR?
@encode encode locked and limited conversation to collaborators Mar 8, 2021

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@tomchristie @hodossy