From e61e8ebd9eec288b5b2fa0a23dca22738f6b3693 Mon Sep 17 00:00:00 2001
From: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
Date: Wed, 20 Mar 2024 08:43:17 +0100
Subject: [PATCH] Fixed no Basic Auth being absent

---
 src/node/hooks/express/webaccess.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/node/hooks/express/webaccess.ts b/src/node/hooks/express/webaccess.ts
index 0034f87c..cb6884dc 100644
--- a/src/node/hooks/express/webaccess.ts
+++ b/src/node/hooks/express/webaccess.ts
@@ -169,7 +169,9 @@ const checkAccess = async (req:any, res:any, next: Function) => {
       if (await aCallFirst0('authnFailure', {req, res})) return;
       if (await aCallFirst0('authFailure', {req, res, next})) return;
       // No plugin handled the authentication failure. Fall back to basic authentication.
-      //res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      if (!requireAdmin) {
+        res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+      }
       // Delay the error response for 1s to slow down brute force attacks.
       await new Promise((resolve) => setTimeout(resolve, exports.authnFailureDelayMs));
       res.status(401).send('Authentication Required');