h1. Symptoms and how to reproduce:

https://example.com/issues/605 is not publically available. Logging in and showing the page works as intended. Then, using the same browser with the same session cookie and no logging out, visit: https://example.com/issues/605.json

h1. Result:

Browser shows a pop-up for logging in the user via basic authentication.

h1. Requested result:

Allow the authentication method to be the API key, basic auth or the session cookie.

h1. Reason:

We have some additional javascripts we develop in greasemonkey that need to modify the page and fetch additional information once the page is loaded.

h1. Disclaimer:

I believe it is intended for redmine modifications to consist of a plugin in redmine rather than using javascripts, but for some hacks not intended for all users to use javascripts ingested via greasemonkey is perfect, but it is not really working as smoothly as it should (could).

I would like to call this a defect, but it works in line with the current documentation, so it'll be a feature request.