From ba6b7cf517d75f5ff2e349f0dd384cbcf22eef5a Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 26 Feb 2016 08:35:51 -0500
Subject: [PATCH] Give client method to suppress auth header
A javascript client running in browser may want the standard authorization header suppressed. This allows a client to block the default browser authentication prompt.
---
 confluent_server/confluent/httpapi.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/confluent_server/confluent/httpapi.py b/confluent_server/confluent/httpapi.py
index 3a7f0924..da672cf9 100644
--- a/confluent_server/confluent/httpapi.py
+++ b/confluent_server/confluent/httpapi.py
@@ -306,18 +306,17 @@ def resourcehandler_backend(env, start_response):
 operation = querydict['restexplorerop']
 del querydict['restexplorerop']
 authorized = _authorize_request(env, operation)
+ if 'HTTP_SUPPRESSAUTHHEADER' in env:
+ badauth = [('Content-type', 'text/plain')]
+ else:
+ badauth = [('Content-type', 'text/plain'),
+ ('WWW-Authenticate', 'Basic realm="confluent"')]
 if authorized['code'] == 401:
- start_response(
- '401 Authentication Required',
- [('Content-type', 'text/plain'),
- ('WWW-Authenticate', 'Basic realm="confluent"')])
+ start_response('401 Authentication Required', badauth)
 yield 'authentication required'
 return
 if authorized['code'] == 403:
- start_response(
- '403 Forbidden',
- [('Content-type', 'text/plain'),
- ('WWW-Authenticate', 'Basic realm="confluent"')])
+ start_response('403 Forbidden', badauth)
 yield 'authorization failed'
 return
 if authorized['code'] != 200:
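Review bot: The added `if 'HTTP_SUPPRESSAUTHHEADER' in env:` test keys on the mere presence of the request header, so a client sending `SuppressAuthHeader: 0` or an empty value also loses the challenge; either document that any value counts or compare the value explicitly. The switch only changes which response headers go out, and the `authorized['code']` checks that follow are unchanged, so the authorization decision itself is not client-controlled. A 401 without `WWW-Authenticate` does depart from RFC 7235 section 3.1, and that deliberate deviation deserves a comment above the branch, for example `# Browser JS clients send SuppressAuthHeader to avoid the native Basic-auth prompt; the challenge is omitted on purpose`. The shared `badauth` list still attaches the Basic challenge to the 403 by default, as the old code did, although a challenge is not needed there. `resourcehandler_backend` begins and continues outside this hunk, so later uses of `badauth` could not be checked.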