Get 401 if you have a CSRF cookie and use Basic auth and are already logged in

[6543]

Well.. you get 401 if you have a CSRF cookie and use Basic auth but not if you use other auth options...
Is this not considered a bug?

Originally posted by @AllTaken in #13484 (comment)

[lunny]

We should leave some comments here if we change them.

[zeripath]

Gonna need some more details here. Presumably this is on the API?

[6543]

the issue occurred on a GET api witch require auth

[dr-consit]

Also there's quite a lot more information in the original issue: #13484

But yeah, the gist is:

If you try to use the API from with basic auth, but happen to have a CSRF cookie set, it breaks.

This will be the case if you try to test the API from the auto generated swagger page (e.g. https://try.gitea.io/api/swagger) after having logged in / getting the CSRF cookie in your browser.
So if you choose to authorize with Basic authorization in the swagger page, you get 401, even though you have entered valid credentials. But if you chose one of the other authorizations, it works as expected.
At least this was the case when I created the original issue.

[wxiaoguang]

Now there is no call to API from UI