Fix typo in HTTP Basic Auth Provider documentation

martinboulais · rwinch · commit 1d8ea63a9eba · 2026-01-08T13:59:34.000-06:00
The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais &lt;31805063+martinboulais@users.noreply.github.com&gt;
diff --git a/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc b/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
@@ -24,7 +24,7 @@ The `RequestCache` is typically a `NullRequestCache` that does not save the requ
 
 [NOTE]
 ====
-The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-By: XMLHttpRequest` header.
+The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-With: XMLHttpRequest` header.
 This allows frontends to implement their own authentication code, instead of triggering the browser login dialog.
 To override, implement your own javadoc:org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint[].
 ====
