Issue #2432657 by Berdir, znerol: BasicAuth challenge never sent to browser

core/lib/Drupal/Core/EventSubscriber/DefaultExceptionSubscriber.php

@@ -136,6 +136,7 @@ protected function onHtml(GetResponseForExceptionEvent $event) {
 
     if ($exception instanceof HttpExceptionInterface) {
       $response->setStatusCode($exception->getStatusCode());
+      $response->headers->add($exception->getHeaders());
     }
     else {
       $response->setStatusCode(Response::HTTP_INTERNAL_SERVER_ERROR, '500 Service unavailable (with message)');
@@ -166,6 +167,7 @@ protected function onJson(GetResponseForExceptionEvent $event) {
     $response = new JsonResponse($data, Response::HTTP_INTERNAL_SERVER_ERROR);
     if ($exception instanceof HttpExceptionInterface) {
       $response->setStatusCode($exception->getStatusCode());
+      $response->headers->add($exception->getHeaders());
     }
 
     $event->setResponse($response);

core/modules/basic_auth/src/Tests/Authentication/BasicAuthTest.php

@@ -7,6 +7,7 @@
 
 namespace Drupal\basic_auth\Tests\Authentication;
 
+use Drupal\Component\Utility\String;
 use Drupal\Core\Url;
 use Drupal\language\Entity\ConfigurableLanguage;
 use Drupal\simpletest\WebTestBase;
@@ -53,6 +54,7 @@ public function testBasicAuth() {
     // @todo Change ->drupalGet() calls to just pass $url when
     //   https://www.drupal.org/node/2350837 gets committed
     $this->drupalGet($url->setAbsolute()->toString());
+    $this->assertEqual($this->drupalGetHeader('WWW-Authenticate'), String::format('Basic realm="@realm"', ['@realm' => \Drupal::config('system.site')->get('name')]));
     $this->assertResponse('401', 'Not authenticated on the route that allows only basic_auth. Prompt to authenticate received.');
 
     $this->drupalGet('admin');