fix: add challenge for HTTP Basic Authentication to container registry

routers/api/packages/container/container.go

@@ -118,7 +118,8 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 func APIUnauthorizedError(ctx *context.Context) {
 	// Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC
 	// allows it.
-	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
+	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
+	ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Forgejo Container Registry"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 

tests/integration/api_packages_container_cleanup_sha256_test.go

@@ -63,7 +63,10 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{
+			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
+			`Basic realm="Forgejo Container Registry"`,
+		}
 
 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))

tests/integration/api_packages_container_test.go

@@ -91,7 +91,10 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{
+			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
+			`Basic realm="Forgejo Container Registry"`,
+		}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()