kong fix(ldap): add missing www-authenticate headers

fix(ldap): add missing www-authenticate headers

Open nowNick opened this issue 1 year ago • 0 comments

Summary

When kong returns 401 Unauthorized response it should return WWW-Authenticate header with proper challenge. Ldap auth was missing this header on some responses.

Related PRs:

https://github.com/Kong/kong/pull/11791
https://github.com/Kong/kong/pull/11792
https://github.com/Kong/kong/pull/11794
https://github.com/Kong/kong/pull/11795
https://github.com/Kong/kong/pull/11833

RFCs & Materials

https://httpwg.org/specs/rfc7235.html#status.401
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate

Checklist

[x] The Pull Request has tests
[x] A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
[x] N/A ~~There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE~~

Full changelog

add WWW-Authenticate header to all ldap 401 response

Issue reference

Fix #7772
KAG-321

Oct 23 '23 14:10 nowNick

kong kong copied to clipboard

fix(ldap): add missing www-authenticate headers

Summary

Related PRs:

RFCs & Materials

Checklist

Full changelog

Issue reference

kong
kong copied to clipboard