Basic auth across multiple directories

Question

I have a web site that I am using Apache for authentication (using basic auth for testing). It works just fine on all browsers. Now, I am trying to add the API that the web site uses to the authentication realm (using the same AuthName), and noticing the following behaviors:

On Safari it authenticates twice, once when going to the web site, and then again when it makes the API call. (I would prefer only to have to authenticate the first time.)

On both Chrome and Firefox it authenticates when I first go to the web site, but then it returns a 401 error when the web site makes the API call.

These are all on the same domain/port, so I do not see this being a CORS issue (especially since this works when I remove the authentication requirement for the API, which is then not locked down and hence, not desirable). I do have the same AuthName, FWIW, but that seems to have no effect.

My API config in httpd.conf is:

WSGIDaemonProcess rest_api user=gms  threads=5
WSGIScriptAlias /api /var/www/extjs/rest_api/rest_api.wsgi

<Location /api>
    Options +FollowSymLinks +Multiviews +Indexes
    AllowOverride None
    Order allow,deny
    Deny from all
    AuthType basic
    Satisfy Any
    AuthName "PrivateRepository"
    AuthUserFile /var/www/extjs/.htpasswd
    Require valid-user
</Location>

While the web site's is:

<VirtualHost *:80>
    ServerName cardiocatalogqt
    Alias /cardiocatalogqt /var/www/extjs/cardiocatalogqt

    <Location /cardiocatalogqt>
        Options +FollowSymLinks +Multiviews +Indexes
        AllowOverride None
        Order allow,deny
        Deny from all
        AuthType basic
        Satisfy Any
        AuthName "PrivateRepository"
        AuthUserFile /var/www/extjs/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

Answer 1

You'll need to rearrange the URL's so they have a common prefix if you want browsers to pre-emptively send basic auth credentials.