Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpc: Add WWW-Authenticate header to 401 response #7472

Merged
merged 1 commit into from Feb 9, 2016

Conversation

@laanwj
Copy link
Member

laanwj commented Feb 5, 2016

A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how.

WWW-Authenticate: Basic realm="jsonrpc"

Should fix #7462.

@laanwj laanwj added the RPC/REST/ZMQ label Feb 5, 2016
@laanwj laanwj force-pushed the laanwj:2016_02_www_authenticate branch 2 times, most recently Feb 5, 2016
@jlopp
Copy link
Contributor

jlopp commented Feb 5, 2016

👍 fixes Java's Authenticator as I reported in #7462

@MarcoFalke
MarcoFalke reviewed Feb 5, 2016
View changes
src/httprpc.cpp Outdated
@@ -21,6 +21,9 @@
#include <boost/algorithm/string.hpp> // boost::trim
#include <boost/foreach.hpp> //BOOST_FOREACH

/** WWW-Authenticate to present with 401 Unauthorized response */
static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";

This comment has been minimized.

Copy link
@MarcoFalke

MarcoFalke Feb 5, 2016

Member

Nit:

diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 5d54d8f..a447a3e 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -25 +25 @@
-static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
@@ -157 +157 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
@@ -170 +170 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
@MarcoFalke
Copy link
Member

MarcoFalke commented Feb 5, 2016

Concept ACK 5bac0a9

A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes #7462.
@laanwj laanwj force-pushed the laanwj:2016_02_www_authenticate branch to 7c06fbd Feb 8, 2016
@paveljanik
Copy link
Contributor

paveljanik commented Feb 9, 2016

@laanwj laanwj merged commit 7c06fbd into bitcoin:master Feb 9, 2016
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
laanwj added a commit that referenced this pull request Feb 9, 2016
7c06fbd rpc: Add WWW-Authenticate header to 401 response (Wladimir J. van der Laan)
laanwj added a commit that referenced this pull request Feb 9, 2016
A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes #7462.

Github-Pull: #7472
Rebased-From: 7c06fbd
@laanwj
Copy link
Member Author

laanwj commented Feb 10, 2016

Cherry-picked to 0.12 as b2f2b85

zkbot added a commit to zcash/zcash that referenced this pull request Jul 25, 2017
[rpc] Add WWW-Authenticate header to 401 response

Fix cherry-picked from upstream PR bitcoin/bitcoin#7472.

Closes #2444.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

4 participants
You can’t perform that action at this time.