Basic authentication now behaves as expected returning correct headers

TykTechnologies · Jul 24, 2014 · c84d8be · c84d8be
1 parent 839eb86
commit c84d8be
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/handler_error.go b/handler_error.go
@@ -68,9 +68,10 @@ func (e ErrorHandler) HandleError(w http.ResponseWriter, r *http.Request, err st
 		go analytics.RecordHit(thisRecord)
 	}
 
-	w.WriteHeader(errCode)
 	w.Header().Add("Content-Type", "application/json")
 	w.Header().Add("X-Generator", "tyk.io")
+	log.Debug("Returning error header")
+	w.WriteHeader(errCode)
 	thisError := APIError{fmt.Sprintf("%s", err)}
 	templates.ExecuteTemplate(w, "error.json", &thisError)
 	if doMemoryProfile {

diff --git a/middleware_basic_auth_check.go b/middleware_basic_auth_check.go
@@ -28,7 +28,11 @@ func (k BasicAuthKeyIsValid) New() func(http.Handler) http.Handler {
 				}).Info("Attempted access with malformed header, no auth header found.")
 
 				handler := ErrorHandler{k.TykMiddleware}
-				handler.HandleError(w, r, "Authorisation field missing", 400)
+
+				authReply := "Basic realm=\"" + k.TykMiddleware.Spec.Name + "\""
+
+				w.Header().Add("WWW-Authenticate", authReply)
+				handler.HandleError(w, r, "Authorisation field missing", 401)
 				return
 			}