aboutsummaryrefslogtreecommitdiff
path: root/src/httprpc.cpp
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@gmail.com>2016-02-05 10:45:50 +0100
committerWladimir J. van der Laan <laanwj@gmail.com>2016-02-08 09:16:29 +0100
commit7c06fbd8f58058d77c3e9da841811201d2e45e92 (patch)
tree12e6ec3bb8236297328c802994cd95af449f70f2 /src/httprpc.cpp
parent152a8216cc7b170eed26ee4c3a65dbe592e55f05 (diff)
rpc: Add WWW-Authenticate header to 401 response
A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how. WWW-Authenticate: Basic realm="jsonrpc" Fixes #7462.
Diffstat (limited to 'src/httprpc.cpp')
-rw-r--r--src/httprpc.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/httprpc.cpp b/src/httprpc.cpp
index 432a5c0792..a447a3eff8 100644
--- a/src/httprpc.cpp
+++ b/src/httprpc.cpp
@@ -21,6 +21,9 @@
#include <boost/algorithm/string.hpp> // boost::trim
#include <boost/foreach.hpp> //BOOST_FOREACH
+/** WWW-Authenticate to present with 401 Unauthorized response */
+static const char* WWW_AUTH_HEADER_DATA = "Basic realm=\"jsonrpc\"";
+
/** Simple one-shot callback timer to be used by the RPC mechanism to e.g.
* re-lock the wellet.
*/
@@ -151,6 +154,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
// Check authorization
std::pair<bool, std::string> authHeader = req->GetHeader("authorization");
if (!authHeader.first) {
+ req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
req->WriteReply(HTTP_UNAUTHORIZED);
return false;
}
@@ -163,6 +167,7 @@ static bool HTTPReq_JSONRPC(HTTPRequest* req, const std::string &)
shouldn't have their RPC port exposed. */
MilliSleep(250);
+ req->WriteHeader("WWW-Authenticate", WWW_AUTH_HEADER_DATA);
req->WriteReply(HTTP_UNAUTHORIZED);
return false;
}