2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 19:40:12 +00:00

Give client method to suppress auth header

A javascript client running in browser may want
the standard authorization header suppressed.
This allows a client to block the default browser
authentication prompt.
This commit is contained in:
Jarrod Johnson 2016-02-26 08:35:51 -05:00
parent 76ff9fd759
commit ba6b7cf517

View File

@ -306,18 +306,17 @@ def resourcehandler_backend(env, start_response):
operation = querydict['restexplorerop']
del querydict['restexplorerop']
authorized = _authorize_request(env, operation)
if 'HTTP_SUPPRESSAUTHHEADER' in env:
badauth = [('Content-type', 'text/plain')]
else:
badauth = [('Content-type', 'text/plain'),
('WWW-Authenticate', 'Basic realm="confluent"')]
if authorized['code'] == 401:
start_response(
'401 Authentication Required',
[('Content-type', 'text/plain'),
('WWW-Authenticate', 'Basic realm="confluent"')])
start_response('401 Authentication Required', badauth)
yield 'authentication required'
return
if authorized['code'] == 403:
start_response(
'403 Forbidden',
[('Content-type', 'text/plain'),
('WWW-Authenticate', 'Basic realm="confluent"')])
start_response('403 Forbidden', badauth)
yield 'authorization failed'
return
if authorized['code'] != 200: