When you visit a route that is protected with basic authentication and you do not provide credentials, then the resulting 401 page shows a stacktrace rather than a human friendly error message.
Steps to replicate:
- Create a route that is protected with basic authentication. For example put this in
user.routing.yml:user.basic_auth:
path: '/user/basic-auth'
defaults:
_form: '\Drupal\user\Form\UserLoginForm'
options:
_auth: [ 'basic_auth' ] - Enable the
basic_authmodule. - Visit the path
user/basic-authwithout an active session (easiest is to open an anonymous browser window to test) - You will be asked to authenticate. Close the dialog without authenticating.
Result: the following backtrace is shown:
Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException: No authentication credentials provided. in Drupal\basic_auth\Authentication\Provider\BasicAuth->challengeException() (line 138 of core/modules/basic_auth/src/Authentication/Provider/BasicAuth.php).
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object)
Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest(Object, 'kernel.request', Object)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.request', Object)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\PageCache->fetch(Object, 1, 1)
Drupal\Core\StackMiddleware\PageCache->lookup(Object, 1, 1)
Drupal\Core\StackMiddleware\PageCache->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1)
Stack\StackedHttpKernel->handle(Object, 1, 1)
Drupal\Core\DrupalKernel->handle(Object)Expected result: A human readable message such as:
Unauthorized - Please log in to access this page.