Skip to content

Commit

Permalink
Conditionally set WWW-Authenticate header for AJAX requests
Browse files Browse the repository at this point in the history
  • Loading branch information
@jimmyhealer @vmcj
jimmyhealer authored and vmcj committed Jun 6, 2024
1 parent e1f78ca commit 6df01fe
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion webapp/src/Security/DOMJudgeBasicAuthenticator.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,11 @@ public function onAuthenticationFailure(Request $request, AuthenticationExceptio
// Otherwise, we pass along to the next authenticator.
if ($exception instanceof BadCredentialsException || $exception instanceof UserNotFoundException) {
$resp = new Response('', Response::HTTP_UNAUTHORIZED);
$resp->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', 'Secured Area'));

if (!$request->isXmlHttpRequest()) {
$resp->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', 'Secured Area'));
}

return $resp;
}

Expand Down

0 comments on commit 6df01fe

Please sign in to comment.