Not able to login after attempting without user name #1140
Comments
ghost
assigned 
|
Added a flag for Basic |
|
What is the new response code if the user enters empty and it's rejected? |
|
It's 400 but should be changed to 401. I'll open an issue. |
jmonster
pushed a commit
to jmonster/hapi
that referenced
this issue
Feb 10, 2014
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When attempting basic auth, if the user does not enter a user name they will never be able to log in under chrome as the 400 response does not appear to invalidate the entered credentials for Chrome.
I haven't had a chance to read into the spec to see what the defined behavior should be but this seems like a case that we should make chrome happy even if it's interpretation of the spec is incorrect.
Also it seems like there is value to being able to enter the empty string for the basic auth username so perhaps the framework should not validate this and leave it to the
validateFuncto manage.The text was updated successfully, but these errors were encountered: