rpc: Add WWW-Authenticate header to 401 response #7472

pull laanwj wants to merge 1 commits into bitcoin:master from laanwj:2016_02_www_authenticate changing 1 files +5 −0

laanwj commented at 9:48 AM on February 5, 2016: member
A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how.
```
WWW-Authenticate: Basic realm="jsonrpc"
```
Should fix #7462.
laanwj added the label RPC on Feb 5, 2016
laanwj force-pushed on Feb 5, 2016
laanwj force-pushed on Feb 5, 2016
laanwj added the label Needs backport on Feb 5, 2016
jlopp commented at 6:05 PM on February 5, 2016: contributor

:+1: fixes Java's Authenticator as I reported in #7462

in src/httprpc.cpp:None in 5bac0a943a outdated

  20 | @@ -21,6 +21,9 @@
  21 |  #include <boost/algorithm/string.hpp> // boost::trim
  22 |  #include <boost/foreach.hpp> //BOOST_FOREACH
  23 |  
  24 | +/** WWW-Authenticate to present with 401 Unauthorized response */
  25 | +static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";

MarcoFalke commented at 7:57 PM on February 5, 2016:

Nit:

diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 5d54d8f..a447a3e 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -25 +25 @@
-static const char *WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
@@ -157 +157 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
@@ -170 +170 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
-        req->WriteHeader("WWW-Authenticate",WWW_AUTH_HEADER_DATA);
+        req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);

MarcoFalke commented at 7:57 PM on February 5, 2016: member

Concept ACK 5bac0a9

rpc: Add WWW-Authenticate header to 401 response

A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.

    WWW-Authenticate: Basic realm="jsonrpc"

Fixes #7462.

7c06fbd8f5

laanwj force-pushed on Feb 8, 2016
paveljanik commented at 6:50 AM on February 9, 2016: contributor

ACK https://github.com/laanwj/bitcoin/commit/7c06fbd8f58058d77c3e9da841811201d2e45e92
laanwj merged this on Feb 9, 2016
laanwj closed this on Feb 9, 2016
laanwj referenced this in commit 3db828f951 on Feb 9, 2016
laanwj referenced this in commit b2f2b85ad5 on Feb 9, 2016
laanwj commented at 7:42 PM on February 10, 2016: member

Cherry-picked to 0.12 as b2f2b85ad5f3456c0a14f36602122d393f01f7fe
laanwj removed the label Needs backport on Feb 10, 2016
zkbot referenced this in commit e88ab1a920 on Jul 25, 2017
MarcoFalke locked this on Sep 8, 2021

Contributors

Labels

Linked (view graph)

#7462 Java Authenticator broken for 0.12 RPC server on Linux