buddy.auth.backends.token/handle-unauthorized-default violates RFC 7235 section 4.1. WWW-Authenticate

[RFC 7235 section 4.1. WWW-Authenticate](https://tools.ietf.org/html/rfc7235#section-4.1) specifies:

> A server generating a 401 (Unauthorized) response MUST send a WWW-Authenticate header field containing at least one challenge.

However, buddy.auth.backends.token/handle-unauthorized-default sends a 401 status response without a `WWW-Authenticate` header:

https://github.com/funcool/buddy-auth/blob/36a02a43d781ed10ca1fec1984f444f5dc818215/src/buddy/auth/backends/token.clj#L22-L27

	(defn- handle-unauthorized-default
	"A default response constructor for an unauthorized request."
	[request]
	(if (authenticated? request)
	{:status 403 :headers {} :body "Permission denied"}
	{:status 401 :headers {} :body "Unauthorized"}))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

buddy.auth.backends.token/handle-unauthorized-default violates RFC 7235 section 4.1. WWW-Authenticate #83

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

buddy.auth.backends.token/handle-unauthorized-default violates RFC 7235 section 4.1. WWW-Authenticate #83

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions