WWW-Authenticate header for unauthenticated requests is not clear

owncloud / ocis

:atom_symbol: ownCloud Infinite Scale Stack

https://doc.owncloud.com/ocis/next/

Apache License 2.0

1.38k stars 181 forks source link

WWW-Authenticate header for unauthenticated requests is not clear #2285

Open dpakach opened 3 years ago

dpakach commented 3 years ago

Describe the bug

While doing unauthenticated requests, WWW-Authenticate header gives Basic realm=localhost:9200 I should give the product name and encoding as it does in oc 10 eg < WWW-Authenticate: Basic realm="ownCloud", charset="UTF-8"

Setup

Please describe how you started the server and provide a list of relevant environment variables.

```console OCIS_VERSION=vX.X.X BRANCH=vX.X.X STORAGE_FRONTEND_UPLOAD_DISABLE_TUS=false ```

Additional context

Add any other context about the problem here.

refs commented 3 years ago

makes sense. Having the ownCloud realm would mean the credentials are valid for any page with that realm. A thing to keep in mind is that Reva is using this header. Is there a side effect from the realm being localhost:9200?

jvillafanez commented 3 years ago

I'm not fully sure, but it seems that the host is being set in https://github.com/owncloud/ocis/blob/c996b6462be113b5ac7be23c461c713cb617a335/proxy/pkg/proxy/proxy.go#L239 by the reverse proxy automatically. This means that we might need to overwrite the header ourselves since I haven't found a way to provide the realm.

There are other places where we're already setting the header under some conditions, so those places will need to be adjusted as well.