This commit is contained in:
Owen
2026-07-08 21:44:20 -04:00
parent 67a3d226f5
commit 6d129c0738
+5 -2
View File
@@ -736,11 +736,14 @@ export async function verifyResourceSession(
}
}
// If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge
// If headerAuthExtendedCompatibility is activated but no clientHeaderAuth provided, force client to challenge.
// Skip the challenge when SSO is also enabled so browsers get the SSO redirect instead of a native Basic
// Auth dialog; clients that proactively send Authorization: Basic are still accepted above.
if (
headerAuthExtendedCompatibility &&
headerAuthExtendedCompatibility.extendedCompatibilityIsActivated &&
!clientHeaderAuth
!clientHeaderAuth &&
!sso
) {
return headerAuthChallenged(res, redirectPath, resource.orgId);
}