Comments (9)
miguelgrinberg
commented on June 18, 2024
1
Sorry, I dropped the ball on this. I have now release 2.7.0, which adds scheme and realm arguments to the two auth constructors. Set the scheme to anything other than Basic/Digest to prevent the browser from displaying the login prompt.
from flask-httpauth.
miguelgrinberg
commented on June 18, 2024
Can you be more explicit about this idea? Are you thinking in using a custom header or something else?
from flask-httpauth.
jackunion
commented on June 18, 2024
@miguelgrinberg Talking about this popup:
This stackoverflow question and this blog post provide more details.
I think it's really dirty and ugly hack, but I couldn't find anything better.
from flask-httpauth.
miguelgrinberg
commented on June 18, 2024
Okay, this is something that is fairly easy to do, I'll look into it. My way of avoiding the login prompt was to return 403 instead of 401. I think this is still a hack, but less than switching status codes.
from flask-httpauth.
soda29
commented on June 18, 2024
I would love to have this.
Where does you define to return a 403 instead of a 401?
from flask-httpauth.
miguelgrinberg
commented on June 18, 2024
@soda29 In the custom error handler. There you can return one, two or three values, just like you do in a regular Flask view function.
from flask-httpauth.
soda29
commented on June 18, 2024
Yes sorry, i managed to change it from the custom error handler with a make_response as the documentation says.
Thanks Miguel!
from flask-httpauth.
jfpoilpret
commented on June 18, 2024
Currently, in order to avoid browser popup, I return 401 without WWW-Authenticate header, and that does the trick.
Unfortunately, I have to somehow hack HTTPBasicAuth as follows:
auth = HTTPBasicAuth()
def auth_error_handler():
res = make_response('Invalid credientials')
res.status_code = 401
return res
auth.auth_error_callback = auth_error_handler
But this short-circuits HTTPAuth @error_handler decorator which I cannot use anymore.
I think it would be much better if HTTPAuth supported a kind of no_authenticate_header flag or method to avoid this hack.
from flask-httpauth.
jfpoilpret
commented on June 18, 2024
Great Miguel, thanks! I was using release 2.6.0.
Now everything is working fine, just using some "Dummy" authentication scheme.
from flask-httpauth.
Related Issues (20)
- Critical security issue when uploading files HOT 2
- How do I make HTTPDigestAuth not use cookies? HOT 2
- Token refresh HOT 1
- Unable to change user and password for authenticate HOT 6
- Digest Auth plain-text passwords HOT 4
- __version__ is gone HOT 4
- Is there any plan to support 'qop' option? HOT 5
- Optional use of @auth.login_required HOT 2
- Custom return response on unauthorized HOT 2
- user/pwd encoding is assumed (hardcoded) to be utf-8 HOT 5
- verify_token custom error based on verification outcome HOT 1
- Customized 401 page HOT 3
- Restrict endpoint to selected auth in MultiAuth HOT 2
- Role based authentication for MultiAuth HOT 2
- Token Auth Example won't run with with itsdangerous > 2.0 HOT 1
- Flask_httpauth installation not working with pip but worked with pip3 HOT 2
- Decorator verify_token not working with changes version werkzeug 2.3.0
- Token is `None` in containerized setup HOT 16
- make setting header configurable HOT 2
- Trailing '==' in a token breaks verify_token() HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-httpauth.