From 34f6ea1d041fef0466988fd855f79659dc6ee2fe Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth <mmn@hethane.se>
Date: Mon, 10 Nov 2014 12:17:39 +0100
Subject: [PATCH] Present WWW-Authenticate on failure to authenticate

---
 lib/apiauthaction.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/apiauthaction.php b/lib/apiauthaction.php
index 0a1e0b8e24..40161b7ab5 100644
--- a/lib/apiauthaction.php
+++ b/lib/apiauthaction.php
@@ -317,11 +317,14 @@ class ApiAuthAction extends ApiAction
                     $this->auth_user_nickname
                 );
                 $this->logAuthFailure($msg);
+
+                // We must present WWW-Authenticate in accordance to HTTP status code 401
+                header('WWW-Authenticate: Basic realm="' . $realm . '"');
                 // TRANS: Client error thrown when authentication fails.
                 $this->clientError(_('Could not authenticate you.'), 401);
             }
         } else {
-            // all get rw access for actions that don't need auth
+            // all get rw access for actions that don't require auth
             $this->access = self::READ_WRITE;
         }
     }
-- 
2.39.5