changeset 59895ad063a8 in trytond:default
details: https://hg.tryton.org/trytond?cmd=changeset;node=59895ad063a8
description:
Do not set WWW-Authenticate on XMLHttpRequest
Client using XMLHttpRequest should manage themselves the authentication.
So by not setting the header, we prevent the browser to raise an
authentication
popup.
issue9535
review290791002
diffstat:
trytond/wsgi.py | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diffs (17 lines):
diff -r 775245f3903c -r 59895ad063a8 trytond/wsgi.py
--- a/trytond/wsgi.py Tue Aug 18 09:47:23 2020 +0200
+++ b/trytond/wsgi.py Sat Aug 29 18:21:01 2020 +0200
@@ -77,9 +77,10 @@
if request.user_id:
return wrapped(*args, **kwargs)
else:
- response = Response(
- None, http.client.UNAUTHORIZED,
- {'WWW-Authenticate': 'Basic realm="Tryton"'})
+ headers = {}
+ if request.headers.get('X-Requested-With') != 'XMLHttpRequest':
+ headers['WWW-Authenticate'] = 'Basic realm="Tryton"'
+ response = Response(None, http.client.UNAUTHORIZED, headers)
abort(http.client.UNAUTHORIZED, response=response)
def check_request_size(self, request, size=None):
