From 90ebfa129f3c73f62e978148ebfecbe850b2218a Mon Sep 17 00:00:00 2001
From: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
Date: Sun, 2 Nov 2025 10:39:48 +0100
Subject: [PATCH] Fix typo in HTTP Basic Auth Provider documentation

The documentation states that setting the header `X-Requested-By` will remove the `WWW-Authenticate` header from the response.
However, after testing this and reading the library code it looks like the header to set is `X-Requested-With` (X-Requested-By is mentioned nowhere except in this documentation file), so I propose this simple PR to fix this.

Signed-off-by: Martin Boulais <31805063+martinboulais@users.noreply.github.com>
---
 .../ROOT/pages/servlet/authentication/passwords/basic.adoc      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc b/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
index 4e24d44e572..bfeee9bb10c 100644
--- a/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/passwords/basic.adoc
@@ -24,7 +24,7 @@ The `RequestCache` is typically a `NullRequestCache` that does not save the requ
 
 [NOTE]
 ====
-The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-By: XMLHttpRequest` header.
+The default HTTP Basic Auth Provider will suppress both Response body and `WWW-Authenticate` header in the 401 response when the request was made with a `X-Requested-With: XMLHttpRequest` header.
 This allows frontends to implement their own authentication code, instead of triggering the browser login dialog.
 To override, implement your own javadoc:org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint[].
 ====