2 files changed, 8 insertions, 2 deletions

diff --git a/plugins/webbox/html/webbox.js b/plugins/webbox/html/webbox.js
index 54adeaf..cad32b1 100644
--- a/plugins/webbox/html/webbox.js
+++ b/plugins/webbox/html/webbox.js
@@ -320,7 +320,6 @@ function initMainpage() {
 			return;
 		}
 		if (this.status == 401) { // login error: goto login page
-			var authheader = this.getResponseHeader("WWW-Authenticate");
 			var title = "Webbox Login";
 
 			// enable logout function if logging in
diff --git a/plugins/webbox/webbox.cpp b/plugins/webbox/webbox.cpp
index de8df85..37ddde2 100644
--- a/plugins/webbox/webbox.cpp
+++ b/plugins/webbox/webbox.cpp
@@ -40,6 +40,7 @@ namespace {
  std::unordered_map<std::string, std::string> status_map {
   { "301", "Moved Permanently" },
   { "400", "Bad Request"},
+  { "401", "Unauthorized"},
   { "403", "Forbidden" },
   { "404", "Not Found" },
   { "500", "Internal Server Error" }
@@ -176,6 +177,11 @@ public:
  // call interface
  std::string execute(CommandParameters& p)
  {
+  // Authentication
+  if (m_needsAuthentication && p.m_GetRequestParam("is_authenticated") == "0") {
+   return HttpStatus("401", "Not authorized", p);
+  }
+
   // check if this webbox is writable and enforce this
   if (p.webboxReadOnly && m_isWriteCommand) {
    return HttpStatus("400", "Webbox is Read-Only", p);
@@ -205,7 +211,7 @@ protected:
  std::string m_commandName;
  std::string m_requestMethod;
  bool m_isWriteCommand; // if true, command must be prevented if p.webboxReadOnly
-
+ bool m_needsAuthentication{true};
 };
 
 class GetCommand: public Command
@@ -841,6 +847,7 @@ public:
  {
   m_commandName = "static-html";
   m_isWriteCommand = false;
+  m_needsAuthentication = false;
  }
 
 protected: