Closed karenetheridge closed 3 years ago
This is being caused by the WWW-Authenticate
header being returned in the response, which was added to the API here: https://github.com/joyent/conch-api/pull/985
I still think it's odd that the response (and its headers) is being seen by the browser rather than being captured by the js that made the request. The API does not structure its responses with the browser in mind.
This issue has been resolved by https://github.com/joyent/conch-api/pull/1042.
As discussed in MM last week -- when the user enters an invalid password at the login page, the 401 response is being sent back to the browser which kicks up a default user auth form.