core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php | 5 ++++- .../modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php index 01034f4..cc7c494 100644 --- a/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php +++ b/core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php @@ -12,6 +12,7 @@ use Drupal\Core\Http\Exception\CacheableUnauthorizedHttpException; use Drupal\user\UserAuthInterface; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; /** * HTTP Basic authentication provider. @@ -155,7 +156,9 @@ public function challengeException(Request $request, \Exception $previous) { $cacheability = CacheableMetadata::createFromObject($site_config) ->addCacheTags(['config:user.role.anonymous']) ->addCacheContexts(['user.roles:anonymous']); - return new CacheableUnauthorizedHttpException($cacheability, (string) $challenge, 'No authentication credentials provided.', $previous); + return $request->isMethodCacheable() + ? new CacheableUnauthorizedHttpException($cacheability, (string) $challenge, 'No authentication credentials provided.', $previous) + : new UnauthorizedHttpException((string) $challenge, 'No authentication credentials provided.', $previous); } } diff --git a/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php b/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php index 29f698c..455442b9 100644 --- a/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php +++ b/core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php @@ -34,6 +34,10 @@ protected function getAuthenticationRequestOptions($method) { * {@inheritdoc} */ protected function assertResponseWhenMissingAuthentication($method, ResponseInterface $response) { + if ($method !== 'GET') { + return $this->assertResourceErrorResponse(401, 'No authentication credentials provided.', $response); + } + $expected_page_cache_header_value = $method === 'GET' ? 'MISS' : FALSE; $expected_cacheability = $this->getExpectedUnauthorizedAccessCacheability() ->addCacheableDependency($this->getExpectedUnauthorizedEntityAccessCacheability(FALSE))