Comments (5)
This is currently not possible, but you are not the first to request this. The problem is that the current version of the extension will directly return a 401 error when the request does not include the authorization header. The change that I was planning to make was to allow the password validation password to be called even when the header is missing. You can then return True
from the password validation callback and set something in flask.g
to indicate to the route that there is no user authenticated.
from flask-httpauth.
But still, it seems that your solution right now still requires an auth header in the request, or it would abort 401 anyway.
from flask-httpauth.
Correct, this requires a change that I was considering for the future, it
is not possible right now. I'll try to look into it tomorrow.
On Feb 4, 2015 11:25 PM, "fyears" [email protected] wrote:
But still, it seems that your solution right now still requires an auth
header in the request, or it would abort 401 anyway.—
Reply to this email directly or view it on GitHub
#17 (comment)
.
from flask-httpauth.
Addressed in version 2.4.0. In this version for requests that don't have an Authorization
header the extension calls the verify_password()
callback with username
and password
set to empty strings. You can opt to return True
and that will let the request through. You can write something to flask.g
so that the route know the user is anonymous.
from flask-httpauth.
Thank you.
Just a reference, this issue is solved in commit 5c5396b .
from flask-httpauth.
Related Issues (20)
- Critical security issue when uploading files HOT 2
- How do I make HTTPDigestAuth not use cookies? HOT 2
- Token refresh HOT 1
- Unable to change user and password for authenticate HOT 6
- Digest Auth plain-text passwords HOT 4
- __version__ is gone HOT 4
- Is there any plan to support 'qop' option? HOT 5
- Optional use of @auth.login_required HOT 2
- Custom return response on unauthorized HOT 2
- user/pwd encoding is assumed (hardcoded) to be utf-8 HOT 5
- verify_token custom error based on verification outcome HOT 1
- Customized 401 page HOT 3
- Restrict endpoint to selected auth in MultiAuth HOT 2
- Role based authentication for MultiAuth HOT 2
- Token Auth Example won't run with with itsdangerous > 2.0 HOT 1
- Flask_httpauth installation not working with pip but worked with pip3 HOT 2
- Decorator verify_token not working with changes version werkzeug 2.3.0
- Token is `None` in containerized setup HOT 16
- make setting header configurable HOT 2
- Trailing '==' in a token breaks verify_token() HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flask-httpauth.