Merge pull request #191 from mmd-osm/patch/wwwauthheaders

Reorder WWW-Authenticate headers to work around non-compliant clients
zerebubuth · May 30, 2019 · 5b10768 · 5b10768
2 parents dd5219a + 91dbf32
commit 5b10768
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/process_request.cpp b/src/process_request.cpp
@@ -52,9 +52,9 @@ void respond_401(const http::unauthorized &e, request &r) {
 
   r.status(e.code());
   r.add_header("Content-Type", "text/plain; charset=utf-8");
-  r.add_header("WWW-Authenticate", R"(OAuth realm="OpenStreetMap login required")");
   // Header according to RFC 7617, section 2.1
   r.add_header("WWW-Authenticate", R"(Basic realm="OpenStreetMap login required", charset="UTF-8")");
+  r.add_header("WWW-Authenticate", R"(OAuth realm="OpenStreetMap login required")");
   r.add_header("Content-Length", message_size.str());
   r.add_header("Cache-Control", "no-cache");