Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpc: Add WWW-Authenticate header to 401 response #7472

Merged
merged 1 commit into from
Feb 9, 2016

Conversation

laanwj
Copy link
Member

@laanwj laanwj commented Feb 5, 2016

A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how.

WWW-Authenticate: Basic realm="jsonrpc"

Should fix #7462.

@laanwj laanwj force-pushed the 2016_02_www_authenticate branch 2 times, most recently from 1e493fc to 5bac0a9 Compare February 5, 2016 09:52
@jlopp
Copy link
Contributor

jlopp commented Feb 5, 2016

👍 fixes Java's Authenticator as I reported in #7462

@@ -21,6 +21,9 @@
#include <boost/algorithm/string.hpp> // boost::trim
#include <boost/foreach.hpp> //BOOST_FOREACH

/** WWW-Authenticate to present with 401 Unauthorized response */
static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:

diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 5d54d8f..a447a3e 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -25 +25 @@
-static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
@@ -157 +157 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
@@ -170 +170 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);

@maflcko
Copy link
Member

maflcko commented Feb 5, 2016

Concept ACK 5bac0a9

A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes bitcoin#7462.
@laanwj laanwj force-pushed the 2016_02_www_authenticate branch from 5bac0a9 to 7c06fbd Compare February 8, 2016 08:16
@paveljanik
Copy link
Contributor

ACK laanwj@7c06fbd

@laanwj laanwj merged commit 7c06fbd into bitcoin:master Feb 9, 2016
laanwj added a commit that referenced this pull request Feb 9, 2016
7c06fbd rpc: Add WWW-Authenticate header to 401 response (Wladimir J. van der Laan)
laanwj added a commit that referenced this pull request Feb 9, 2016
A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes #7462.

Github-Pull: #7472
Rebased-From: 7c06fbd
@laanwj
Copy link
Member Author

laanwj commented Feb 10, 2016

Cherry-picked to 0.12 as b2f2b85

zkbot added a commit to zcash/zcash that referenced this pull request Jul 25, 2017
[rpc] Add WWW-Authenticate header to 401 response

Fix cherry-picked from upstream PR bitcoin/bitcoin#7472.

Closes #2444.
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Java Authenticator broken for 0.12 RPC server on Linux
4 participants