return 401 instead of 400 if no password or username is provided

jaredhanson / passport-http

HTTP Basic and Digest authentication strategies for Passport and Node.js.

https://www.passportjs.org/packages/passport-http/?utm_source=github&utm_medium=referral&utm_campaign=passport-http&utm_content=about

MIT License

268 stars 110 forks source link

return 401 instead of 400 if no password or username is provided #11

Closed fjakobs closed 11 years ago

fjakobs commented 11 years ago

Like in #9 the basic auth strategy also returns a 400 code when no password or username is provided. The same browser cache issues arise as in the digest strategy.

I'm wondering why this check is here in the first place. Shouldn't this be the decision of the user in the verify callback?