[DO NOT MERGE] [JENKINS-6610] Allow clients to request HTTP 401/WWW-Authenticate #1415
Do not merge, but please share your thoughts on this.
Non-browser clients currently have the problem that they don't get a proper basic auth challenge from Jenkins for access to a restricted resource: It's just HTTP 403 Forbidden, and a redirect to the login form.
OTOH if Jenkins sends the HTTP 401 response and WWW-Authenticate header, web browsers will start showing the login popup window for basic authentication.
Would a solution like this one be acceptable? RSS clients would then need to start requesting e.g.
/rssAll?basic
to get a proper challenge, if they don't support preemptive authentication. A simple reconfiguration should do it, and for future users all links to RSS feeds on the UI could be changed. I considered a few other solutions in a recent comment to JENKINS-6610, but all of them seem worse than this.
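The opt-in challenge proposed above, sketched as an added example that is not part of this pull request or of Jenkins: a toy server answers 403 by default and 401 with `WWW-Authenticate` only when the request carries `?basic`, and a client without preemptive authentication fetches the feed. The handler, credentials, realm and helper names are assumptions, and the redirect to the login form is left out.

```python
import base64, hmac, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

USER, PASSWORD = "alice", "constructed-password"  # constructed demo credentials
EXPECTED = b"Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode())

class FeedHandler(BaseHTTPRequestHandler):
    """Toy stand-in for a restricted resource (assumption, not Jenkins code)."""

    def do_GET(self):
        query = parse_qs(urlsplit(self.path).query, keep_blank_values=True)
        sent = self.headers.get("Authorization", "").encode()
        if hmac.compare_digest(sent, EXPECTED):
            self._reply(200, b"<feed/>")
        elif "basic" in query:  # client opted in to a challenge
            self._reply(401, b"", {"WWW-Authenticate": 'Basic realm="demo"'})
        else:  # default: no challenge, so browsers never show the popup
            self._reply(403, b"")

    def _reply(self, status, body, headers=None):
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    server = HTTPServer(("127.0.0.1", 0), FeedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

def fetch(base, path, have_credentials=True):
    """Non-preemptive client: sends credentials only in answer to a 401."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    if have_credentials:
        mgr.add_password(None, base, USER, PASSWORD)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPBasicAuthHandler(mgr))
    try:
        with opener.open(base + path, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

The same client gets 403 on `/rssAll` even though it holds valid credentials, because it never receives a challenge to answer.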