send a basic-auth popup header if require_valid_user=true, to prevent lock-out

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@979070 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 5 insertions, 2 deletions

diff --git a/etc/couchdb/local.ini b/etc/couchdb/local.ini
index 7aa049a0..f20b197a 100644
--- a/etc/couchdb/local.ini
+++ b/etc/couchdb/local.ini
@@ -14,7 +14,9 @@
 ;WWW-Authenticate = Basic realm="administrator"
 
 [couch_httpd_auth]
-; if you set this to true, you should also uncomment the WWW-Authenticate line above
+; If you set this to true, you should also uncomment the WWW-Authenticate line
+; above. If you don't configure a WWW-Authenticate header, CouchDB will send
+; Basic realm="server" in order to prevent you getting logged out.
 ; require_valid_user = false
 
 [log]
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index faf14bcc..b531d3d6 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -750,7 +750,8 @@ error_headers(#httpd{mochi_req=MochiReq}=Req, Code, ErrorStr, ReasonStr) ->
                     AuthRedirect ->
                         case couch_config:get("couch_httpd_auth", "require_valid_user", "false") of
                         "true" ->
-                            {Code, []};
+                            % send the browser popup header no matter what if we are require_valid_user
+                            {Code, [{"WWW-Authenticate", "Basic realm=\"server\""}]};
                         _False ->
                             % if the accept header matches html, then do the redirect. else proceed as usual.
                             case re:run(MochiReq:get_header_value("Accept"), "html", [{capture, none}]) of