From cb83133c4ef6d2362f938c2ab00cfa5228599a6f Mon Sep 17 00:00:00 2001 From: Yurii Motov Date: Tue, 20 Jan 2026 12:03:39 +0100 Subject: [PATCH] Revert "Fix HTTP Basic realm handling (RFC 7617)" This reverts commit e8c08fc843dc12c8f100065fc442dea749eeff11. --- fastapi/security/http.py | 13 +++++++++++-- tests/test_security_http_base.py | 18 +----------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 25cb4e376..b4c3bc6d8 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -152,7 +152,14 @@ class HTTPBasic(HTTPBase): """ ), ] = None, - realm: Annotated[str, Doc("HTTP Basic authentication realm.")] = "fastapi", + realm: Annotated[ + Optional[str], + Doc( + """ + HTTP Basic authentication realm. + """ + ), + ] = None, description: Annotated[ Optional[str], Doc( @@ -190,7 +197,9 @@ class HTTPBasic(HTTPBase): self.auto_error = auto_error def make_authenticate_headers(self) -> dict[str, str]: - return {"WWW-Authenticate": f'Basic realm="{self.realm}"'} + if self.realm: + return {"WWW-Authenticate": f'Basic realm="{self.realm}"'} + return {"WWW-Authenticate": "Basic"} async def __call__( # type: ignore self, request: Request diff --git a/tests/test_security_http_base.py b/tests/test_security_http_base.py index 1e948f218..8cf259a75 100644 --- a/tests/test_security_http_base.py +++ b/tests/test_security_http_base.py @@ -1,5 +1,4 @@ -from fastapi import Depends, FastAPI, Security -from fastapi.security import HTTPBasic +from fastapi import FastAPI, Security from fastapi.security.http import HTTPAuthorizationCredentials, HTTPBase from fastapi.testclient import TestClient @@ -54,18 +53,3 @@ def test_openapi_schema(): "securitySchemes": {"HTTPBase": {"type": "http", "scheme": "Other"}} }, } - - -def test_http_basic_includes_realm(): - app = FastAPI() - security = HTTPBasic(realm="MyRealm") - - @app.get("/") - def read_root(credentials=Depends(security)): - return {"ok": True} - - client = TestClient(app) - response = client.get("/") - - assert response.status_code == 401 - assert response.headers["WWW-Authenticate"] == 'Basic realm="MyRealm"'