gvalkov / tornado-http-auth

Digest and basic authentication for Tornado
Apache License 2.0

fixed handling of stale nonces in the HTTP Digest Auth implementation #11

Open rhaberkorn opened 3 months ago

rhaberkorn commented 3 months ago

The stale=true attribute was not sent in the resulting challenge that the server sends, so clients/browsers would unnecessarily ask for the credentials again.

You may want to edit this change if you disagree with the way I pass on the information that the nonce is stale. Actually, I do not understand why you are throwing AuthError in DigestAuthMixin.verify_opaque() in the first place instead of always throwing DigestAuthMixin.SendChallenge().
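The behaviour this pull request is about, sketched as an added example that is not code from tornado-http-auth or from the pull request: a server-side check that sends stale=true only when the response digest is correct but the nonce has expired, so the client can retry without re-prompting the user. The HMAC-signed timestamp nonce, the names check, nonce_state and challenge, the realm, the lifetime and the key are all assumptions made for illustration. Nonce-count replay tracking and matching uri against the request line are left out.

```python
import hashlib, hmac

REALM, NONCE_TTL = "example", 300   # constructed realm; assumed 5-minute nonce lifetime
SECRET = b"constructed-server-key"  # signs nonces, so no per-nonce server state is needed

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()

def make_nonce(now):
    ts = str(int(now))
    return f"{ts}-{_sign(ts)}"

def nonce_state(nonce, now):
    """'fresh', 'stale' (issued by us, expired) or 'invalid' (not issued by us)."""
    ts, _, sig = nonce.partition("-")
    if not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return "invalid"
    return "fresh" if now - int(ts) <= NONCE_TTL else "stale"

def expected_response(p, method, password):
    # RFC 2617 MD5 digest with qop=auth
    ha1 = _md5(f"{p['username']}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{p['uri']}")
    return _md5(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")

def challenge(now, stale=False):
    hdr = f'Digest realm="{REALM}", qop="auth", nonce="{make_nonce(now)}"'
    return hdr + (", stale=true" if stale else "")

def check(p, method, users, now):
    """Return (status, WWW-Authenticate value or None) for parsed Authorization params."""
    needed = {"username", "uri", "nonce", "nc", "cnonce", "response"}
    password = users.get(p.get("username"))
    if password is None or not needed <= p.keys():
        return 401, challenge(now)
    digest_ok = hmac.compare_digest(
        expected_response(p, method, password).encode(), p["response"].encode())
    state = nonce_state(p["nonce"], now)
    if digest_ok and state == "fresh":
        return 200, None
    # stale=true only when the client proved it knows the password for an expired nonce;
    # a wrong digest or a nonce we never issued gets a plain challenge (re-prompt).
    return 401, challenge(now, stale=digest_ok and state == "stale")
```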