From 703256e50eebc66701750bdca8604d9788a0549c Mon Sep 17 00:00:00 2001 From: Andreas Ahlenstorf Date: Thu, 9 Apr 2026 12:21:44 +0200 Subject: [PATCH] Revert "fix: add challenge for HTTP Basic Authentication to container registry" (#12058) This reverts commit 79ed45d39a05533f55a4694cd62176eaa99dae16. Testing has shown that it breaks Docker 26 which is the version included in Debian Trixie. It was originally introduced with https://codeberg.org/forgejo/forgejo/pulls/11678. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12058 Reviewed-by: Michael Kriese Co-authored-by: Andreas Ahlenstorf Co-committed-by: Andreas Ahlenstorf --- routers/api/packages/container/container.go | 3 +-- .../api_packages_container_cleanup_sha256_test.go | 5 +---- tests/integration/api_packages_container_test.go | 5 +---- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go index f79bea2c84..6781f511c8 100644 --- a/routers/api/packages/container/container.go +++ b/routers/api/packages/container/container.go @@ -118,8 +118,7 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) { func APIUnauthorizedError(ctx *context.Context) { // Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC // allows it. - ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`) - ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Forgejo Container Registry"`) + ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`) apiErrorDefined(ctx, container_service.ErrUnauthorized) } diff --git a/tests/integration/api_packages_container_cleanup_sha256_test.go b/tests/integration/api_packages_container_cleanup_sha256_test.go index 50106e6834..19b73f7698 100644 --- a/tests/integration/api_packages_container_cleanup_sha256_test.go +++ b/tests/integration/api_packages_container_cleanup_sha256_test.go @@ -63,10 +63,7 @@ func TestPackageContainerCleanupSHA256(t *testing.T) { Token string `json:"token"` } - authenticate := []string{ - `Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`, - `Basic realm="Forgejo Container Registry"`, - } + authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`} t.Run("User", func(t *testing.T) { req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)) diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go index 13ce7dc136..70e3f40d6c 100644 --- a/tests/integration/api_packages_container_test.go +++ b/tests/integration/api_packages_container_test.go @@ -91,10 +91,7 @@ func TestPackageContainer(t *testing.T) { Token string `json:"token"` } - authenticate := []string{ - `Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`, - `Basic realm="Forgejo Container Registry"`, - } + authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`} t.Run("Anonymous", func(t *testing.T) { defer tests.PrintCurrentTest(t)()