set WWW-Authenticate header on http_auth if request is not xhr

lib/devise/failure_app.rb

@@ -33,7 +33,7 @@ module Devise
 
     def http_auth
       self.status = 401
-      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect})
+      self.headers["WWW-Authenticate"] = %(Basic realm=#{Devise.http_authentication_realm.inspect}) unless request.xhr?
       self.content_type = request.format.to_s
       self.response_body = http_auth_body
     end

test/failure_app_test.rb

@@ -99,7 +99,7 @@ class FailureTest < ActiveSupport::TestCase
       swap Devise, :http_authenticatable_on_xhr => true do
         call_failure('formats' => :html, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
         assert_equal 401, @response.first
-        assert_equal 'Basic realm="Application"', @response.second["WWW-Authenticate"]
+        assert_nil @response.second['WWW-Authenticate']
       end
     end