From 86cef23266cff1d51fa23357b666dffc6a82ce73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Magnin?= <jmagnin@haproxy.com>
Date: Fri, 28 Dec 2018 14:49:08 +0100
Subject: [PATCH] BUG/MINOR: htx: send the proper authenticate header when
 using http-request auth

When we use htx and http-request auth rules, we need to send WWW-Authenticate
with a 401 and Proxy-Authenticate with a 407. We only sent Proxy-Authenticate
regardless of status, with htx enabled.

To be backported to 1.9.
---
 src/proto_htx.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/proto_htx.c b/src/proto_htx.c
index 4573c6891..2a021938e 100644
--- a/src/proto_htx.c
+++ b/src/proto_htx.c
@@ -5435,10 +5435,12 @@ static int htx_reply_40x_unauthorized(struct stream *s, const char *auth_realm)
 
         if (!htx_add_header(htx, ist("Cache-Control"), ist("no-cache")) ||
 	    !htx_add_header(htx, ist("Connection"), ist("close")) ||
-	    !htx_add_header(htx, ist("Content-Type"), ist("text/html")) ||
-	    !htx_add_header(htx, ist("Proxy-Authenticate"), ist2(trash.area, trash.data)))
+	    !htx_add_header(htx, ist("Content-Type"), ist("text/html")))
+		goto fail;
+	if (status == 401 && !htx_add_header(htx, ist("WWW-Authenticate"), ist2(trash.area, trash.data)))
+		goto fail;
+	if (status == 407 && !htx_add_header(htx, ist("Proxy-Authenticate"), ist2(trash.area, trash.data)))
 		goto fail;
-
 	if (!htx_add_endof(htx, HTX_BLK_EOH) || !htx_add_data(htx, body) || !htx_add_endof(htx, HTX_BLK_EOM))
 		goto fail;