Open hellais opened 11 years ago
If login with password fails I get sent the WWW-Authenticate headers and I get prompted to login with username and password.
I believe this has to do with the use of the web.authenticated cyclone decorator that does this automatically.
We should disable the ability to login via WWW-Authenticate HTTP headers, but only do so via FORMs.
If login with password fails I get sent the WWW-Authenticate headers and I get prompted to login with username and password.
I believe this has to do with the use of the web.authenticated cyclone decorator that does this automatically.
We should disable the ability to login via WWW-Authenticate HTTP headers, but only do so via FORMs.