/** * Override the parent `challenge` method to remove the `WWW-Authenticate` * header in the response if the `X-Requested-With` header is present in the * request. This last trick prevents the browser to prompt of dialog to the * user. * * @param Request $request Request. * @param Response $response Response. * @return void */ function challenge(Request $request, Response $response) { parent::challenge($request, $response); if ('XMLHttpRequest' === $request->getHeader('X-Requested-With')) { $response->removeHeader('WWW-Authenticate'); } }