When auth header is missing send WWW-Authenticate header and a 401 (#127)
diff --git a/provider/lib/utils.js b/provider/lib/utils.js
index bca66cb..f7cd444 100644
--- a/provider/lib/utils.js
+++ b/provider/lib/utils.js
@@ -373,7 +373,9 @@
if (utils.endpointAuth) {
if (!req.headers.authorization) {
- return utils.sendError(method, HttpStatus.BAD_REQUEST, 'Malformed request, authentication header expected', res);
+ res.set('www-authenticate', 'Basic realm="Private"');
+ res.status(HttpStatus.UNAUTHORIZED);
+ return res.send('');
}
var parts = req.headers.authorization.split(' ');