Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-01-17 11:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix typo in HTTP Basic Auth Provider documentation

Browse Source 
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
This commit is contained in:
Martin Boulais 2025-11-02 10:39:48 +01:00 committed by Rob Winch
parent d20c88ecef
commit 1d8ea63a9e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
View File

@ -24,7 +24,7 @@ The `RequestCache` is typically a `NullRequestCache` that does not save the requ
[NOTE]
====
The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-By: XMLHttpRequest` header.
The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-With: XMLHttpRequest` header.
This allows frontends to implement their own authentication code, instead of triggering the browser login dialog.
To override, implement your own javadoc:org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint[].
====