From a464e74aa42142de039600f9630f1a8ce8c40218 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@netways.de>
Date: Mon, 15 Feb 2016 10:53:32 +0100
Subject: [PATCH] Allow basic auth for API requests only

refs #11151
---
 library/Icinga/Authentication/Auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index e63b10ef1..4e15c9512 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -270,7 +270,7 @@ class Auth
     }
 
     /**
-     * Attempt to authenticate a user using HTTP authentication
+     * Attempt to authenticate a user using HTTP authentication on API requests only
      *
      * Supports only the Basic HTTP authentication scheme. XHR will be ignored.
      *
@@ -279,7 +279,7 @@ class Auth
     protected function authHttp()
     {
         $request = $this->getRequest();
-        if ($request->isXmlHttpRequest()) {
+        if ($request->isXmlHttpRequest() || ! $request->isApiRequest()) {
             return false;
         }
         if (($header = $request->getHeader('Authorization')) === false) {