dseminara
Reputation: 11935
How I can avoid requesting Basic Authentication when HTTP method is OPTIONS on Apache .htaccess?
I am using HTTP basic authentication (username & password) in a site including API endpoints hosted in Apache, I am doing something like this on .htaccess:
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen
Since I am consuming the API from browser side in a page hosted on another domain (the CORS part is already solved), I need to allow certain requests UNauthenticated. These requests are the request which method is "OPTIONS", (preflight as explained here: http://www.w3.org/TR/cors/#resource-preflight-requests), Please, i dont need any info about ajax or any other thing on the browser, I need to know how to do this on apache
Thanks in advance
Upvotes: 6
Views: 2532
Answers (1)
anubhava
Reputation: 785276
You can use mod_setenvif here.
SetEnvIfNoCase Request_Method OPTIONS allowed
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen
Order deny,allow
Deny from all
Allow from env=allowed
Satisfy any
Upvotes: 9
Related Questions
- Bypass htaccess Password Protection for API calls
- Bypassing authentication for "Options request" (so all headers are sent in the response)
- HTTP Basic Authentication for specific domain
- Apache Basic Auth only for Requests with URL Path
- CORS - how to ignore authentication for OPTIONS preflight request in Apache's httpd.conf?
- htaccess authentication rest api methods
- Bypass basic authentication for referrer
- Use basic auth for different URIs in a .htaccess file
- How to make Basic Auth exclude a rewritten URL
- .htaccess basic auth by virtual host?