Closed sina-rostami closed 1 year ago
I would prefer not to mess with the HTTP standard, which at least in my understanding indicates that WWW-Authenticate
is a required header (docs here).
The issue of the browser prompting for credentials has been discussed before here. There are actually two methods to prevent the browser from doing this:
scheme
to something other than Basic
, for example: basic_auth = HTTPBasicAuth(scheme='SilentBasic')
.My recommendation is to go with the first option.
Thank you for your reply, the first option worked for me.
Hi, thank you for your work.
You put the
WWW-Authenticate
header on all responses and in the case of basic authentication, this leads the browsers to prompt for username and password every time. however, maybe someone doesn't want this.I am developing a service in which I want to take some actions in case of wrong credentials, but the browser constantly prompts me for a username and password repeatedly.
I fixed the problem by commenting line that sets the header. But I thought it would be good if the user could control this feature.
I can open a pull request for this if you agree with the logic.
Regards.