donglankui1263
donglankui1263
2017-08-14 01:22

更改基本HTTP身份验证领域和登录对话框消息

已采纳

I want to change the message that pops up during implementation of Basic Auth.The current default message is:

enter image description here

Server requires a username and password.

Something that would be more accurate for me is :

Server requires an Email and Password.

My problem is that i can't find or don't know where this message is set and if it can be changed. Most of the questions online are about Basic Auth implemention but this is not my problem -- i can implement it very fine. I just need a more accurate response for the user.

Here is how i force an authentication window using echo:

c.Response().Header().Set(echo.HeaderWWWAuthenticate, `Basic realm="Your Email is your Username"`)
return echo.ErrUnauthorized

NB: Only Firefox shows the realm message. Both Chrome and Opera do not.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

2条回答

  • doufangpian5545 doufangpian5545 4年前

    Thanks for the responses but they were not satisfactory. I had to do some reading on this topic.

    The correct answer is that the login prompt/dialog is a response built into the user-agent/browser and cannot be changed by the server. This also explains why some browsers show realm while others don't.

    According to Wikipedia Basic access authentication all the server does is:

    When the server wants the user agent to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.

    Unauthenticated requests should return a response whose header contains a HTTP 401 Unauthorized status[4] and a WWW-Authenticate field.[5]

    The WWW-Authenticate field for basic authentication (used most often) is constructed as following:

    WWW-Authenticate: Basic realm="User Visible Realm"

    点赞 评论 复制链接分享
  • doushuo1080 doushuo1080 4年前

    This is not related to Go but actually to browser behaviour when receiving that header.

    It seems Chrome/Chromium has a known issue with this related to the feature not considered secure by the development team, so I don't think you'd be able to fix it on your side unless you resort to some other authentication mechanism.

    See here for more details:

    https://bugs.chromium.org/p/chromium/issues/detail?id=544244#c32

    点赞 评论 复制链接分享