mirror of
https://github.com/zulip/zulip.git
synced 2025-11-11 01:16:19 +00:00
250781e843
If a user's session cookie expired, the next REST API request their browser did would go into the json_unauthorized code path. This returned a response with a WWW-Authenticate tag for HTTP Basic Auth (since that's what the REST API uses), even for /json requests which should only be authenticated using session auth. We fix this by explicitly passing the desired WWW-Authenticate state. Fixes: #800.
4.4 KiB
4.4 KiB