rpc: Add WWW-Authenticate header to 401 response #7472

pull laanwj wants to merge 1 commits into bitcoin:master from laanwj:2016_02_www_authenticate changing 1 files +5 −0
  1. laanwj commented at 9:48 AM on February 5, 2016: member

    A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how.

    WWW-Authenticate: Basic realm="jsonrpc"

    Should fix #7462.

  2. laanwj added the label RPC on Feb 5, 2016
  3. laanwj force-pushed on Feb 5, 2016
  4. laanwj force-pushed on Feb 5, 2016
  5. laanwj cross-referenced this on Feb 5, 2016 from issue Java Authenticator broken for 0.12 RPC server on Linux by jlopp
  6. laanwj added the label Needs backport on Feb 5, 2016
  7. jlopp commented at 6:05 PM on February 5, 2016: contributor

    :+1: fixes Java's Authenticator as I reported in #7462

  8. in src/httprpc.cpp:None in 5bac0a943a outdated 
      20 | @@ -21,6 +21,9 @@
  21 |  #include <boost/algorithm/string.hpp> // boost::trim
  22 |  #include <boost/foreach.hpp> //BOOST_FOREACH
  23 |  
  24 | +/** WWW-Authenticate to present with 401 Unauthorized response */
  25 | +static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
    MarcoFalke commented at 7:57 PM on February 5, 2016:

    Nit:

    diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 5d54d8f..a447a3e 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -25 +25 @@
-static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
@@ -157 +157 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
@@ -170 +170 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
  9. MarcoFalke commented at 7:57 PM on February 5, 2016: member

    Concept ACK 5bac0a9

  10. rpc: Add WWW-Authenticate header to 401 response
    A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes #7462.
    7c06fbd8f5
  11. laanwj force-pushed on Feb 8, 2016
  13. laanwj merged this on Feb 9, 2016
  14. laanwj closed this on Feb 9, 2016
  15. laanwj referenced this in commit 3db828f951 on Feb 9, 2016
  16. laanwj referenced this in commit b2f2b85ad5 on Feb 9, 2016
  17. laanwj commented at 7:42 PM on February 10, 2016: member

    Cherry-picked to 0.12 as b2f2b85ad5f3456c0a14f36602122d393f01f7fe

  18. laanwj removed the label Needs backport on Feb 10, 2016
  19. str4d cross-referenced this on Jul 12, 2017 from issue RPC 401 Unauthorized After Upgrade to version 1000950 by ethought
  20. str4d cross-referenced this on Jul 12, 2017 from issue [rpc] Add WWW-Authenticate header to 401 response by str4d
  21. zkbot referenced this in commit e88ab1a920 on Jul 25, 2017
  22. bitcoin locked this on Sep 8, 2021
Contributors
laanwjjloppMarcoFalkepaveljanik
Labels
RPC/REST/ZMQ
Linked (view graph)
#7462 Java Authenticator broken for 0.12 RPC server on Linux
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:55 UTC