changeset 6dd90d016674 in trytond:5.6
details: https://hg.tryton.org/trytond?cmd=changeset;node=6dd90d016674
description:
Do not set WWW-Authenticate on XMLHttpRequest
Client using XMLHttpRequest should manage themselves the authentication.
So by not setting the header, we prevent the browser to raise an
authentication
popup.
issue9535
review290791002
(grafted from 59895ad063a85ad80f23e5ccd857ca4ab91fb938)
diffstat:
trytond/wsgi.py | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diffs (17 lines):
diff -r 70a907566c63 -r 6dd90d016674 trytond/wsgi.py
--- a/trytond/wsgi.py Sun Aug 02 17:24:59 2020 +0200
+++ b/trytond/wsgi.py Sat Aug 29 18:21:01 2020 +0200
@@ -76,9 +76,10 @@
if request.user_id:
return wrapped(*args, **kwargs)
else:
- response = Response(
- None, http.client.UNAUTHORIZED,
- {'WWW-Authenticate': 'Basic realm="Tryton"'})
+ headers = {}
+ if request.headers.get('X-Requested-With') != 'XMLHttpRequest':
+ headers['WWW-Authenticate'] = 'Basic realm="Tryton"'
+ response = Response(None, http.client.UNAUTHORIZED, headers)
abort(http.client.UNAUTHORIZED, response=response)
def check_request_size(self, request, size=None):
