diff --git a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
index c72e3f0..6391bd6 100644
--- a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
+++ b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php
@@ -68,9 +68,16 @@ public function __construct(ConfigFactoryInterface $config_factory, UserAuthInte
    * {@inheritdoc}
    */
   public function applies(Request $request) {
-    $username = $request->headers->get('PHP_AUTH_USER');
-    $password = $request->headers->get('PHP_AUTH_PW');
-    return isset($username) && isset($password);
+    $www_auth = $request->headers->get('www-authenticate');
+
+    if ($www_auth === $this->getChallenge()) {
+      $username = $request->headers->get('PHP_AUTH_USER');
+      $password = $request->headers->get('PHP_AUTH_PW');
+
+      return isset($username) && isset($password);
+    }
+
+    return FALSE;
   }
 
   /**
@@ -126,11 +133,21 @@ public function authenticate(Request $request) {
    * {@inheritdoc}
    */
   public function challengeException(Request $request, \Exception $previous) {
+    return new UnauthorizedHttpException((string) $this->getChallenge(), 'No authentication credentials provided.', $previous);
+  }
+
+  /**
+   * Generates the realm for a basic auth challenge.
+   *
+   * @return string
+   *   A string with the basic realm based on the site name.
+   */
+  protected function getChallenge() {
     $site_name = $this->configFactory->get('system.site')->get('name');
-    $challenge = SafeMarkup::format('Basic realm="@realm"', [
+
+    return SafeMarkup::format('Basic realm="@realm"', [
       '@realm' => !empty($site_name) ? $site_name : 'Access restricted',
     ]);
-    return new UnauthorizedHttpException((string) $challenge, 'No authentication credentials provided.', $previous);
   }
 
 }