create-react-app issue #2080
Issue created May 04, 2017 by Administrator@rootContributor

Proposal to prevent basic authentication challenge on 401

Created by: draperd

When developing an application that uses REST APIs that require authentication, a situation can occur when a session timeout occurs and a Basic Authentication challenge dialog will be shown by the browser.

This occurs because the browser attempts to handle a 401 response before passing control to the application code. The browser will do this if there is a www-authenticate header in the response. This header is controlled by the REST API.

In my experience it is unlikely that you would want users to be presented with this dialog. Although the ultimate production solution would require changes to the server that the application is deployed onto, I still think that there would be value to update the development environment in either removing the header by default or providing an "opt-in" configuration option to have it removed (so as to retain backwards compatibility).

Removing this header would allow the application to handle 401 errors (i.e. to redirect to a login page for example).

The change required is fairly simple and I'm happy to raise a PR for this, but I just wanted to get a sense of whether or not it is likely to be an acceptable change.

The change would essentially be to update the start.js script so that the addMiddleWare function contains the line:

```javascript
onProxyRes: function(proxyRes, req, res) {
    delete proxyRes.headers['www-authenticate'];
},
```
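
An opt-in variant of the handler proposed above, added here as an illustration (it is not code from the issue or from create-react-app). It only touches 401 responses and copies the challenge to a side header so application code can still read it; the option name `suppressAuthChallenge` and the header `x-suppressed-www-authenticate` are hypothetical, and the response objects are constructed samples.

```javascript
// Builds an onProxyRes handler with the (proxyRes, req, res) signature used in the issue.
// `suppressAuthChallenge` is a hypothetical opt-in flag; default is off, which
// leaves existing behaviour unchanged (the backwards-compatibility concern above).
function createOnProxyRes(options) {
  const enabled = Boolean(options && options.suppressAuthChallenge);
  return function onProxyRes(proxyRes, req, res) {
    if (!enabled) return false;
    // Only 401 responses carry the challenge that triggers the browser dialog.
    if (proxyRes.statusCode !== 401) return false;
    // Node lower-cases incoming header names, so one lookup is enough.
    const challenge = proxyRes.headers['www-authenticate'];
    if (challenge === undefined) return false;
    delete proxyRes.headers['www-authenticate'];
    // Keep the original value visible to the app under a hypothetical side header.
    proxyRes.headers['x-suppressed-www-authenticate'] =
      Array.isArray(challenge) ? challenge.join(', ') : challenge;
    return true; // lets a caller log that a challenge was suppressed
  };
}

// Constructed sample responses, shaped like the fields of http.IncomingMessage
// that the handler reads.
function runConstructedSamples() {
  const samples = [
    { statusCode: 401, headers: { 'www-authenticate': 'Basic realm="api"' } },
    { statusCode: 200, headers: { 'content-type': 'application/json' } },
    { statusCode: 401, headers: {} },
  ];
  const handler = createOnProxyRes({ suppressAuthChallenge: true });
  return samples.map(function (proxyRes) {
    const stripped = handler(proxyRes, {}, {});
    return { status: proxyRes.statusCode, stripped: stripped, headers: proxyRes.headers };
  });
}

console.log(JSON.stringify(runConstructedSamples(), null, 2));
```
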