diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f788c179d1c24b4db0f16814d9a37db4aea2398b..5e2ab7ed9c71680859a7d08c756005f6df7f46bb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -128,8 +128,8 @@ class ApplicationController < ActionController::Base
 respond_to do |format|
 format.html { redirect_to :controller => "account", :action => "login", :back_url => url }
 format.atom { redirect_to :controller => "account", :action => "login", :back_url => url }
- format.xml { head :unauthorized }
- format.json { head :unauthorized }
+ format.xml { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
+ format.json { head :unauthorized, 'WWW-Authenticate' => 'Basic realm="Redmine API"' }
 end
 return false
 end
diff --git a/test/integration/http_basic_login_test.rb b/test/integration/http_basic_login_test.rb
index 7f5c15c7d0e288c956d1f724af0228475a0c817d..9ec69a8c922755cbb317e21333b97289f10bfc7e 100644
--- a/test/integration/http_basic_login_test.rb
+++ b/test/integration/http_basic_login_test.rb
@@ -44,6 +44,18 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 assert_equal User.anonymous, User.current
 end
 end
+
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.xml"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :xml
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 context "in :json format" do
@@ -76,5 +88,16 @@ class HttpBasicLoginTest < ActionController::IntegrationTest
 end
 end
+ context "without credentials" do
+ setup do
+ get "/projects/onlinestore/news.json"
+ end
+
+ should_respond_with :unauthorized
+ should_respond_with_content_type :json
+ should "include_www_authenticate_header" do
+ assert @controller.response.headers.has_key?('WWW-Authenticate')
+ end
+ end
 end
 end
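Review bot: The Basic challenge on the two added `format.xml` / `format.json` lines is sent on every unauthenticated API response, and nothing visible in the hunk ties it to HTTPS. Basic credentials are only base64-encoded, so a client answering this challenge over plain HTTP puts the password on the wire in readable form, and a browser will show its native login prompt and cache what is entered. I would add a comment above the pair such as `# Basic auth is only base64-encoded; the API must be served over HTTPS`, and, if deployments without TLS are supported, consider sending the header only when `request.ssl?`. The header hash is also repeated verbatim; a local `challenge = { 'WWW-Authenticate' => 'Basic realm="Redmine API"' }` passed to both `head` calls would keep the two formats in sync. The enclosing method starts above the hunk, so whether an earlier guard already covers this cannot be seen from here.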
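Review bot: The new "without credentials" test checks only that a `WWW-Authenticate` key exists (`has_key?`), so a response carrying the wrong scheme or realm would still pass; the `:json` context added in the following hunk has the same gap. Pinning the value with `assert_equal 'Basic realm="Redmine API"', @controller.response.headers['WWW-Authenticate']` would catch a regression in the challenge itself. A companion case asserting that the HTML login redirect does not carry the header would also document that the challenge is meant for the API formats only.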