Fix missing mandatory WWW-Authenticate header

AnujaKalahara99 · AnujaKalahara99 · commit e02e1ca221b3 · 2026-05-07T15:06:38.000+05:30
diff --git a/event-gateway/gateway-runtime/internal/connectors/receiver/websub/handler.go b/event-gateway/gateway-runtime/internal/connectors/receiver/websub/handler.go
@@ -379,6 +379,9 @@ func writePolicyResponse(w http.ResponseWriter, msg *connectors.Message, fallbac
 		w.WriteHeader(statusCode)
 		return
 	}
+	if fallbackStatus == http.StatusUnauthorized {
+		w.Header().Set("WWW-Authenticate", `Bearer realm="event-gateway"`)
+	}
 	http.Error(w, fallbackBody, fallbackStatus)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -379,6 +379,9 @@ func writePolicyResponse(w http.ResponseWriter, msg *connectors.Message, fallbac`
`379`	`379`	`w.WriteHeader(statusCode)`
`380`	`380`	`return`
`381`	`381`	`}`
	`382`	`+ if fallbackStatus == http.StatusUnauthorized {`
	`383`	+ w.Header().Set("WWW-Authenticate", `Bearer realm="event-gateway"`)
	`384`	`+ }`
`382`	`385`	`http.Error(w, fallbackBody, fallbackStatus)`
`383`	`386`	`}`
`384`	`387`