Allow comma separated authentication headers

[JialeHu]

django-rest-framework/rest_framework/views.py

Line 183 in 3f8ab53

def get_authenticate_header(self, request):

Since WWW-Authenticate allows comma separated challenges https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#syntax, why not enable that here by returning headers from all authenticators instead of just the first one?

[auvipy]

care to share some code snippets?

[kevin-brown]

I believe the primary reason why this wasn't done was to allow people to disable the WWW-Authenticate response by putting a not supported method first in their list. By returning all of them, they would no longer be able to disable that behaviour.

[JialeHu]

Would it be possible to allow user to disable it thru settings? So that other users can have the option to show the full header

[Ehsan200]

@kevin-brown
I don't understand why this wasn't done and how it is related to the not supported methods. Can you provide me more information?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.