rest-server

Missing WWW-Authenticate header in 401 responses

Open dwightgunning opened this issue 1 month ago • 0 comments

Output of rest-server --version

rest-server version rest-server 0.12.1 compiled with go1.20.5 on linux/arm64

Problem description / Steps to reproduce

dwight@chadwick:~ $ wget --user=dwight --ask-password http://<snip>:<snip>/config
Password for user ‘dwight’:
--2025-12-11 17:23:39--  http://<snip>:<snip>/config
Resolving <snip> (<snip>)... <snip>
Connecting to <snip> (<snip>)|<snip>|:<snip>... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Unknown authentication scheme.

Username/Password Authentication Failed.

Note the unknown authentication scheme.

Expected behavior

Per the HTTP spec, the 401 response should include a WWW-Authenticate header. This facilitates a challenge-response flow to negotiate authentication.

Actual behavior

dwight@chadwick:~ $ wget -S http://<snip>:<snip>/config
--2025-12-11 17:21:32--  http://<snip>:<snip>/config
Resolving volta.cinnamon-snake.ts.net (volta.cinnamon-snake.ts.net)... <snip>
Connecting to <snip> (<snip>)|<snip>|:<snip>... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 401 Unauthorized
  Content-Type: text/plain; charset=utf-8
  X-Content-Type-Options: nosniff
  Date: Thu, 11 Dec 2025 17:21:33 GMT
  Content-Length: 13

Username/Password Authentication Failed.

Note the lack of a WWW-Authenticate response header.

Do you have any idea what may have caused this?

No.

Did rest-server help you today? Did it make you happy in any way?

rest-server is a great complement to restic and an essential component in my backup solution.

dwightgunning, Dec 11 '25 17:12
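
The behaviour the report asks for, as an added example that is not part of the original issue and not rest-server's own code: a Go Basic auth wrapper that sends a `WWW-Authenticate` challenge with every 401, so a client such as wget can identify the scheme. The names `requireBasicAuth` and `probe`, the realm and the credentials are assumptions made for illustration.

```go
// Added example, not rest-server's code. Realm and credentials are constructed.
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// equal compares in constant time; hashing first hides length differences.
func equal(a, b string) bool {
	x, y := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(x[:], y[:]) == 1
}

// requireBasicAuth challenges any request that lacks valid credentials.
func requireBasicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		userOK, passOK := equal(u, user), equal(p, pass)
		if !ok || !userOK || !passOK {
			// RFC 9110 section 15.5.2: a 401 must carry a challenge (realm is hypothetical).
			w.Header().Set("WWW-Authenticate", `Basic realm="example-realm", charset="UTF-8"`)
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request to /config and returns the status and challenge.
func probe(h http.Handler, user, pass string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/config", nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("WWW-Authenticate")
}

func main() {
	h := requireBasicAuth("dwight", "constructed-password", http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	fmt.Println(probe(h, "", ""))
	fmt.Println(probe(h, "dwight", "constructed-password"))
}
```

The same `probe` check works as a regression test: any 401 that comes back with an empty challenge string reproduces the condition shown in the `wget -S` output above.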