Use of WWW-Authenticate #20

Open
@geoffyoungs

I really like the ability to redirect/prompt users to login, in response to a 401, but I'm concerned that the current usage of WWW-Authenticate here is non-standard - i.e. the syntax doesn't match & the scheme is not IANA registered: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#syntax (cf. https://datatracker.ietf.org/doc/html/rfc7235#section-4.1) and wouldn't work if a browser requested the same URL.

In terms of support, I'd personally be tempted to use the non-standard Refresh header to perform the same function? It's also non-standard, but it would mean that the behaviour matched for both normal browser fetches and also responses to FetchRequest().

https://github.com/rails/request.js/blob/main/src/fetch_response.js#L19
e.g.

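  // Sketch of a getter for fetch_response.js: read the login URL from a Refresh header.
  get authenticationURL () {
    const refresh = this.response.headers.get('Refresh');

    // No Refresh header on the response: nothing to redirect to.
    if (refresh === null) return;

    // A Refresh value looks like "0; url=/login": split it into its parts.
    const bits = refresh.split(/; */);

    for (let i = 0; i < bits.length; i++) {
      // Return whatever follows the case-insensitive "url=" prefix.
      if (bits[i].slice(0, 4).toLowerCase() === 'url=') {
        return bits[i].slice(4);
      }
    }
  }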
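
A stricter variant of the parser sketched in the issue above, as an added example that is not part of the issue or of request.js: it keeps a target containing `;` intact instead of splitting on every `;`, and only returns a login URL that resolves to the same origin as the response. The function names, the same-origin policy and the sample values are assumptions of this example.

```javascript
// Added example; parseRefresh and loginURLFromRefresh are hypothetical names,
// not part of request.js.

// Parse "<seconds>; url=<target>" without splitting on every ";", so a
// target such as "/login;return=..." is not cut short.
function parseRefresh (value) {
  const match = /^\s*(\d+)\s*[;,]\s*(?:url\s*=\s*)?(.*?)\s*$/i.exec(value || '');
  if (match === null) return null;
  let target = match[2];
  // Strip one pair of matching quotes around the target, if present.
  const quoted = /^(["'])(.*)\1$/.exec(target);
  if (quoted !== null) target = quoted[2];
  if (target === '') return null;
  return { delay: Number(match[1]), target };
}

// Resolve the target against the URL that produced the response and return
// it only if it stays on the same origin (a policy assumed by this example,
// so that a response header cannot send the user to another site).
function loginURLFromRefresh (refreshHeader, responseURL) {
  const parsed = parseRefresh(refreshHeader);
  if (parsed === null) return undefined;
  let resolved;
  try {
    resolved = new URL(parsed.target, responseURL);
  } catch {
    return undefined;
  }
  if (resolved.origin !== new URL(responseURL).origin) return undefined;
  return resolved.href;
}

// Constructed sample values, not captured traffic.
const SAMPLE_PAGE = 'https://app.example/reports/7';
const SAMPLE_HEADERS = [
  '0; url=/login;return=%2Freports%2F7', // ";" inside the target
  "0;URL='/session/new'",                // quoted, upper-case prefix
  '0; url=https://other.example/login',  // different origin: rejected
  '0; url=javascript:void(0)'            // opaque origin: rejected
];
for (const header of SAMPLE_HEADERS) {
  console.log(header, '->', loginURLFromRefresh(header, SAMPLE_PAGE));
}
```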
