There is no official or standardized way to "force" authentication,
because this is really a non-standard thing you do.
I would more suggest a login request path like
"https://foo.com/login.php"; or whatever scripting is used, that would
return 401 with the challenge response header. Authenticating to it
would simply make firefox remember that for any request to a resource at
`https://foo.com/` we have to send the Authorization header. This would
be session-only, on restart you would have to do this again.
Other option is to add a custom header to the request, like
`X-Force-WWW-Auth: 1` or whatever X- prefix you see fit.
Please keep in mind the `Vary: Authorization` response header too.
-hb-
On 2019-09-10 16:56, john.bieling--- via dev-platform wrote:
Alternatively, the admin wants me to send a bogus authenticate header, like
Authenticate: X to trigger the authentication.
I really do not like that. Maybe I can get him to jump into the discussion.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
