diff options
author | Lukas Reschke <lukas@owncloud.com> | 2016-02-15 15:38:37 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-02-15 15:38:37 +0100 |
commit | dfc3536d2b95fea1b54b3e85651e3a66c2d0088e (patch) | |
tree | 4684fca73dc97a3d74c466ae1512246e4895d301 /lib/private/api.php | |
parent | b8b77709c05df3d820af2bfc83ff9d386bc19990 (diff) | |
download | nextcloud-server-dfc3536d2b95fea1b54b3e85651e3a66c2d0088e.tar.gz nextcloud-server-dfc3536d2b95fea1b54b3e85651e3a66c2d0088e.zip |
Catch auth coming from JS in OCS
Diffstat (limited to 'lib/private/api.php')
-rw-r--r-- | lib/private/api.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/private/api.php b/lib/private/api.php index 452612d4c16..6c6be233c9d 100644 --- a/lib/private/api.php +++ b/lib/private/api.php @@ -377,9 +377,16 @@ class OC_API { * @param string $format the format xml|json */ public static function respond($result, $format='xml') { + $request = \OC::$server->getRequest(); + // Send 401 headers if unauthorised if($result->getStatusCode() === API::RESPOND_UNAUTHORISED) { - header('WWW-Authenticate: Basic realm="Authorisation Required"'); + // If request comes from JS return dummy auth request + if($request->getHeader('X-Requested-With') === 'XMLHttpRequest') { + header('WWW-Authenticate: DummyBasic realm="Authorisation Required"'); + } else { + header('WWW-Authenticate: Basic realm="Authorisation Required"'); + } header('HTTP/1.0 401 Unauthorized'); } @@ -389,7 +396,7 @@ class OC_API { $meta = $result->getMeta(); $data = $result->getData(); - if (self::isV2(\OC::$server->getRequest())) { + if (self::isV2($request)) { $statusCode = self::mapStatusCodes($result->getStatusCode()); if (!is_null($statusCode)) { $meta['statuscode'] = $statusCode; |