From 3414d7b5173fe6fd5d18f9bb3bc5522b3582cffd Mon Sep 17 00:00:00 2001
From: Joxit <joxit972@gmail.com>
Date: Wed, 2 Aug 2023 23:57:59 +0200
Subject: [PATCH] feat(token-auth): check the presence of `www-authenticate`
 header before the status code

---
 src/components/catalog/catalog-element.riot | 2 +-
 src/scripts/http.js                         | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/components/catalog/catalog-element.riot b/src/components/catalog/catalog-element.riot
index e3de4cc..cdf151a 100644
--- a/src/components/catalog/catalog-element.riot
+++ b/src/components/catalog/catalog-element.riot
@@ -111,7 +111,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
           onAuthentication: props.onAuthentication,
           withCredentials: props.isRegistrySecured,
         });
-        oReq.addEventListener('load', function () {
+        oReq.addEventListener('loadend', function () {
           if (this.status === 200) {
             const nbTags = (JSON.parse(this.responseText).tags || []).length;
             self.update({ nbTags });
diff --git a/src/scripts/http.js b/src/scripts/http.js
index d4919d9..58b4c32 100644
--- a/src/scripts/http.js
+++ b/src/scripts/http.js
@@ -54,9 +54,9 @@ export class Http {
     switch (e) {
       case 'loadend': {
         self.oReq.addEventListener('loadend', function () {
-          if (this.status === 401 && !this.withCredentials) {
-            const tokenAuth =
-              this.hasHeader('www-authenticate') && parseAuthenticateHeader(this.getResponseHeader('www-authenticate'));
+          const tokenAuth =
+            this.hasHeader('www-authenticate') && parseAuthenticateHeader(this.getResponseHeader('www-authenticate'));
+          if (this.status === 401 && (!this.withCredentials || tokenAuth)) {
             self.onAuthentication(tokenAuth, (bearer) => {
               const req = new XMLHttpRequest();
               req._url = self._url;