ESP8266WebServer accepts wrong auth type

[NdK73]

• Hardware: WeMosD1mini
• Core Version: GIT commit 7820fb7
• Development Env: Arduino IDE
• Operating System: Ubuntu
• Module: Wemos D1 mini r2
• Flash Mode: dio
• Flash Size: 4MB/1MB
• lwip Variant: v2 Lower Memory
• Upload Using: SERIAL
• Upload Speed: 921600

I have the following callback function for pages requiring authentication:

static void handleAuth(ESP8266WebServer::THandlerFunction f)
{
  for(int t=0; t<server.headers(); ++t) {
    Serial.printf(" Header %s\n", server.header(t).c_str());
  }
  if(!server.authenticate(sysParams.user, sysParams.pass)) {
    Serial.printf("Authentication missing, expected %s:%s\n", sysParams.user, sysParams.pass);
    return server.requestAuthentication(DIGEST_AUTH);
  }
  f();
}

Since it did not accept username and password (that I copy-pasted in the browser from the expected values, but that will eventually be a different issue), I changed DIGEST_AUTH to BASIC_AUTH and it worked.
What's "not working" is that, now that I reflashed the sketch with DIGEST_AUTH, I have no way to tell it to stop accepting BASIC authentication.
That's quite obvious, since authenticate() does not have a clue about the type of authentication it should expect/accept: if any auth is present in the headers, and credentials match, it considers auth done and requestAuthentication() will not be called.