set WWW-Authenticate header on http_auth if request is not xhr

2022-11-09 12:18:31 -05:00 · 2010-09-01 05:29:28 +08:00 · 2010-09-01 05:29:28 +08:00 · e582112369
commit e582112369
parent 736654e1bc
2 changed files with 2 additions and 2 deletions
--- a/lib/devise/failure_app.rb
+++ b/lib/devise/failure_app.rb
@ -33,7 +33,7 @@ module Devise

    def http_auth
      self.status = 401
-      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
+      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) unless request.xhr?
      self.content_type = request.format.to_s
      self.response_body = http_auth_body
    end
--- a/test/failure_app_test.rb
+++ b/test/failure_app_test.rb
@ -99,7 +99,7 @@ class FailureTest < ActiveSupport::TestCase
      swap Devise, :http_authenticatable_on_xhr => true do
        call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
        assert_equal 401, @response.first
-        assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
+        assert_nil @response.second['WWW-Authenticate']
      end
    end